From 3ddfb59464698a645558a120d438c2f37db9c2cb Mon Sep 17 00:00:00 2001
From: sgjj <995959152@qq.com>
Date: Mon, 30 Sep 2019 14:33:09 +0800
Subject: [PATCH 1/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E9=BB=98=E8=AE=A4?= =?UTF-8?q?=E4=B8=8D=E8=B7=B3=E4=B8=BB=E9=A1=B5=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../java/net/mingsoft/config/WebConfig.java | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/main/java/net/mingsoft/config/WebConfig.java b/src/main/java/net/mingsoft/config/WebConfig.java
index b8816a49..a2f6edb0 100644
--- a/src/main/java/net/mingsoft/config/WebConfig.java
+++ b/src/main/java/net/mingsoft/config/WebConfig.java
@@ -144,15 +144,15 @@ public class WebConfig implements WebMvcConfigurer {
 return new DefaultPointcutAdvisor(druidStatPointcut(), druidStatInterceptor());
 }
- @Bean
- public FilterRegistrationBean xssFilterRegistration() {
- XSSEscapeFilter xssFilter = new XSSEscapeFilter();
- FilterRegistrationBean registration = new FilterRegistrationBean(xssFilter);
- xssFilter.excludes.add(".*file/upload.do");
- xssFilter.excludes.add(".*/jsp/editor.do");
- registration.addUrlPatterns("/*");
- return registration;
- }
+// @Bean
+// public FilterRegistrationBean xssFilterRegistration() {
+// XSSEscapeFilter xssFilter = new XSSEscapeFilter();
+// FilterRegistrationBean registration = new FilterRegistrationBean(xssFilter);
+// xssFilter.excludes.add(".*file/upload.do");
+// xssFilter.excludes.add(".*/jsp/editor.do");
+// registration.addUrlPatterns("/**");
+// return registration;
+// }
 /**
 * RequestContextListener注册
From 2d4d257bfecf81230df963286130344891414496 Mon Sep 17 00:00:00 2001
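Review bot: Commenting out `xssFilterRegistration()` takes `XSSEscapeFilter` off every request in order to fix the home-page redirect problem named in the subject, so a site-wide input-escaping control is traded for one routing symptom. A narrower change keeps the bean and exempts only the path that breaks; if the filter really has to be off for a while, the code should say so, e.g. `// XSS filter disabled: it breaks the default forward to the home page; restore with a root-path exclusion`. The commented copy also changes the mapping from `/*` to `/**`, which is an Ant-style pattern rather than a Servlet URL pattern; 3/4 re-enables the method with that line unchanged, so the filter is probably still not applied to ordinary requests until 4/4 puts `/*` back. The `WebConfig` class starts and ends outside the hunk.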
From: sgjj <995959152@qq.com>
Date: Wed, 9 Oct 2019 11:07:31 +0800
Subject: [PATCH 2/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E4=B8=BB=E9=A1=B5store?= =?UTF-8?q?=E4=B8=8D=E6=98=BE=E7=A4=BA=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/main/webapp/templets/1/default/index.htm | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/main/webapp/templets/1/default/index.htm b/src/main/webapp/templets/1/default/index.htm
index cdcfbc19..31ec60a4 100644
--- a/src/main/webapp/templets/1/default/index.htm
+++ b/src/main/webapp/templets/1/default/index.htm
@@ -6,10 +6,10 @@ - +
@@ -65,11 +65,11 @@
@@ -92,7 +92,7 @@
From aa2d8ac17c1fcd41ca155e7d0e2d8134de949482 Mon Sep 17 00:00:00 2001
From: sgjj <995959152@qq.com>
Date: Thu, 10 Oct 2019 10:31:37 +0800
Subject: [PATCH 3/4] xss
---
 .../java/net/mingsoft/config/WebConfig.java | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/main/java/net/mingsoft/config/WebConfig.java b/src/main/java/net/mingsoft/config/WebConfig.java
index a2f6edb0..e78a70ac 100644
--- a/src/main/java/net/mingsoft/config/WebConfig.java
+++ b/src/main/java/net/mingsoft/config/WebConfig.java
@@ -144,15 +144,15 @@ public class WebConfig implements WebMvcConfigurer {
 return new DefaultPointcutAdvisor(druidStatPointcut(), druidStatInterceptor());
 }
-// @Bean
-// public FilterRegistrationBean xssFilterRegistration() {
-// XSSEscapeFilter xssFilter = new XSSEscapeFilter();
-// FilterRegistrationBean registration = new FilterRegistrationBean(xssFilter);
-// xssFilter.excludes.add(".*file/upload.do");
-// xssFilter.excludes.add(".*/jsp/editor.do");
-// registration.addUrlPatterns("/**");
-// return registration;
-// }
+ @Bean
+ public FilterRegistrationBean xssFilterRegistration() {
+ XSSEscapeFilter xssFilter = new XSSEscapeFilter();
+ FilterRegistrationBean registration = new FilterRegistrationBean(xssFilter);
+ xssFilter.excludes.add(".*file/upload.do");
+ xssFilter.excludes.add(".*/jsp/editor.do");
+ registration.addUrlPatterns("/**");
+ return registration;
+ }
 /**
 * RequestContextListener注册
From 7161b213a560237be29c687a2feec0311807f8c5 Mon Sep 17 00:00:00 2001
From: sgjj <995959152@qq.com>
Date: Thu, 10 Oct 2019 10:42:13 +0800
Subject: [PATCH 4/4] xss
---
 src/main/java/net/mingsoft/config/WebConfig.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/main/java/net/mingsoft/config/WebConfig.java b/src/main/java/net/mingsoft/config/WebConfig.java
index e78a70ac..53da20d9 100644
--- a/src/main/java/net/mingsoft/config/WebConfig.java
+++ b/src/main/java/net/mingsoft/config/WebConfig.java
@@ -150,7 +150,8 @@ public class WebConfig implements WebMvcConfigurer {
 FilterRegistrationBean registration = new FilterRegistrationBean(xssFilter);
 xssFilter.excludes.add(".*file/upload.do");
 xssFilter.excludes.add(".*/jsp/editor.do");
- registration.addUrlPatterns("/**");
+ xssFilter.excludes.add("/");
+ registration.addUrlPatterns("/*");
 return registration;
 }
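Review bot: `xssFilter.excludes.add("/")` in the last hunk (4/4) may exempt far more than the home page: the neighbouring entries are written as regular expressions (`.*file/upload.do`), and how `XSSEscapeFilter` matches them is not shown in this series. If it uses `find()` or a prefix match rather than a full match, `/` matches every request path and the filter is skipped site-wide, just as the corrected `/*` mapping starts applying it. An anchored entry is safe under either matching style, `xssFilter.excludes.add("^/$");`, and a request test that posts markup to a non-excluded URL and asserts it arrives escaped would confirm the filter is live. The method's signature and first line sit above the hunk.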