From 48e10590fdd722a4788c3cbbb020059830d4e69d Mon Sep 17 00:00:00 2001 From: sgjj <995959152@qq.com> Date: Tue, 22 Sep 2020 14:17:27 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=90=9C=E7=B4=A2=E7=A9=BA?= =?UTF-8?q?=E5=BC=82=E5=B8=B8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
---
.../mingsoft/cms/action/web/MCmsAction.java | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/main/java/net/mingsoft/cms/action/web/MCmsAction.java b/src/main/java/net/mingsoft/cms/action/web/MCmsAction.java
index 061e1594..2aec809f 100644
--- a/src/main/java/net/mingsoft/cms/action/web/MCmsAction.java
+++ b/src/main/java/net/mingsoft/cms/action/web/MCmsAction.java
@@ -343,11 +343,11 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 if (field != null) {
 for (Map.Entry entry : field.entrySet()) {
 if (entry != null) {
- String value = entry.getValue().toString().replaceAll("('|\"|\\\\)","\\\\$1"); // 处理由get方法请求中文乱码问题
- value=clearXss(value);
- if (ObjectUtil.isNull(value)) {
+ if (ObjectUtil.isNull(entry.getValue())) {
 continue;
 }
+ String value = entry.getValue().toString().replaceAll("('|\"|\\\\)","\\\\$1"); // 处理由get方法请求中文乱码问题
+ value=clearXss(value);
 if (request.getMethod().equals(RequestMethod.GET)) { // 如果是get方法需要将请求地址参数转码
 try {
 value = new String(value.getBytes("ISO-8859-1"), Const.UTF8);
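Review bot: The sanitising on the two re-added lines (`replaceAll("('|\"|\\\\)","\\\\$1")` then `value=clearXss(value)`) runs before the GET branch reassigns `value` from `new String(value.getBytes("ISO-8859-1"), Const.UTF8)`, so the string that gets filtered is not the one in its final form; the safer order is decode first, then escape and `clearXss`, i.e. move those two lines below the try block (the same escaping pattern is used in the second hunk). Backslash-escaping quotes is a MySQL-style string escape, not parameterisation; wherever this value reaches a query — outside this hunk — the query should bind it as a parameter rather than rely on this filter. Separately, the context line `request.getMethod().equals(RequestMethod.GET)` compares a `String` with what appears to be the Spring `RequestMethod` enum, which is always false, so the decode branch looks unreachable; `RequestMethod.GET.name().equals(request.getMethod())` would restore it. The enclosing method starts and ends outside the hunk.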
@@ -383,11 +383,13 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 StringBuilder urlParams=new StringBuilder();
 searchMap.forEach((k,v)->{
 //sql注入过滤
- searchMap.put(k,v.toString().replaceAll("('|\"|\\\\)","\\\\$1"));
- searchMap.put(k,clearXss(searchMap.get(k).toString()));
- if(!ParserUtil.SIZE.equals(k)&&!ParserUtil.PAGE_NO.equals(k)){
- urlParams.append(k).append("=").append(searchMap.get(k)).append("&");
- }
+ if(v!=null){
+ searchMap.put(k,v.toString().replaceAll("('|\"|\\\\)","\\\\$1"));
+ searchMap.put(k,clearXss(searchMap.get(k).toString()));
+ if(!ParserUtil.SIZE.equals(k)&&!ParserUtil.PAGE_NO.equals(k)){
+ urlParams.append(k).append("=").append(searchMap.get(k)).append("&");
+ }
+ }
 });
 //查询数量