Commit
6872b5a3
authored
Oct 15, 2024
by
吴迪
【修改】xss转义问题
parent
174d8847
Showing
2 changed files
with
13 additions
and
14 deletions
+13
-14
HTMLFilter.java
src/main/java/io/office/common/xss/HTMLFilter.java
+11
-13
LogLoginServiceImpl.java
...fice/modules/manage/service/impl/LogLoginServiceImpl.java
+2
-1
src/main/java/io/office/common/xss/HTMLFilter.java
...
...
@@ -228,10 +228,9 @@ public final class HTMLFilter {
s
=
processRemoveBlanks
(
s
);
debug
(
"processRemoveBlanks: "
+
s
);
s
=
validateEntities
(
s
);
debug
(
" validateEntites: "
+
s
);
//
s = validateEntities(s);
//
debug(" validateEntites: " + s);
debug
(
"************************************************\n\n"
);
return
s
;
}
...
...
@@ -464,7 +463,7 @@ public final class HTMLFilter {
m
.
appendTail
(
buf
);
s
=
buf
.
toString
();
s
=
validateEntities
(
s
);
//
s = validateEntities(s);
return
s
;
}
...
...
@@ -472,13 +471,13 @@ public final class HTMLFilter {
StringBuffer
buf
=
new
StringBuffer
();
// validate entities throughout the string
Matcher
m
=
P_VALID_ENTITIES
.
matcher
(
s
);
while
(
m
.
find
())
{
final
String
one
=
m
.
group
(
1
);
//([^&;]*)
final
String
two
=
m
.
group
(
2
);
//(?=(;|&|$))
m
.
appendReplacement
(
buf
,
Matcher
.
quoteReplacement
(
checkEntity
(
one
,
two
)));
}
m
.
appendTail
(
buf
);
//
Matcher m = P_VALID_ENTITIES.matcher(s);
//
while (m.find()) {
//
final String one = m.group(1); //([^&;]*)
//
final String two = m.group(2); //(?=(;|&|$))
//
m.appendReplacement(buf, Matcher.quoteReplacement(checkEntity(one, two)));
//
}
//
m.appendTail(buf);
return
encodeQuotes
(
buf
.
toString
());
}
...
...
@@ -527,4 +526,4 @@ public final class HTMLFilter {
private
boolean
allowedAttribute
(
final
String
name
,
final
String
paramName
)
{
return
allowed
(
name
)
&&
(
vAllowed
.
isEmpty
()
||
vAllowed
.
get
(
name
).
contains
(
paramName
));
}
}
\ No newline at end of file
}
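Review bot: In the third hunk the matcher loop and `m.appendTail(buf)` are commented out while `return encodeQuotes(buf.toString());` stays, so `buf` is always empty and the method now works on an empty string instead of on `s`. The two visible call sites (first and second hunks) are commented out as well, so this filter path no longer runs entity validation or the quote encoding that followed it. If the aim was to stop double-escaping, confirm that every place rendering this filter's output escapes it there. If the method is meant to be dead, delete it and the commented-out calls; if it can still be reached, `return encodeQuotes(s);` at least keeps the input, and a comment such as `// entity validation disabled: output is escaped at render time` should record the reason. All three method bodies start outside their hunks, so other callers cannot be ruled out from here.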
src/main/java/io/office/modules/manage/service/impl/LogLoginServiceImpl.java
...
...
@@ -294,6 +294,7 @@ public class LogLoginServiceImpl extends ServiceImpl<LogLoginDao, LogLoginEntity
//是不是条码卡登录 1是 0 否
String
isCardNumberLogin
=
String
.
valueOf
(
params
.
get
(
"isCardNumberLogin"
)
==
null
?
"0"
:
params
.
get
(
"isCardNumberLogin"
));
if
(
StrUtil
.
equals
(
"1"
,
isCardNumberLogin
))
{
log
.
info
(
"{},{}"
,
userName
,
passWord
);
String
phoen_M
=
DESUtils
.
byteToHexString
(
DESUtils
.
DES_CBC_Encrypt
(
userName
.
getBytes
(),
DESNewUtils
.
Key
.
getBytes
()));
String
passwrod_M
=
DESUtils
.
byteToHexString
(
DESUtils
.
DES_CBC_Encrypt
(
passWord
.
getBytes
(),
DESNewUtils
.
Key
.
getBytes
()));
String
url
=
"http://219.232.114.68:8088/api/AppUserLogin/AppLoginOrCenterLogin?username="
+
phoen_M
+
"&pwd="
+
passwrod_M
+
"&source=ancc"
;
...
...
@@ -482,7 +483,7 @@ public class LogLoginServiceImpl extends ServiceImpl<LogLoginDao, LogLoginEntity
}
System
.
out
.
println
(
MD5Util
.
unicodeToString
(
"
440220aa487a592881324212d7c9ef6f
"
));
System
.
out
.
println
(
MD5Util
.
unicodeToString
(
"
1bbd886460827015e5d605ed44252251
"
));
System
.
out
.
println
(
DESUtils
.
byteToHexString
(
DESUtils
.
DES_CBC_Encrypt
(
"1165004"
.
getBytes
(),
DESUtils
.
Key
.
getBytes
())));
System
.
out
.
println
(
DESUtils
.
byteToHexString
(
DESUtils
.
DES_CBC_Encrypt
(
"GS1_20201013"
.
getBytes
(),
DESUtils
.
Key
.
getBytes
())));
}
...
...
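Review bot: `log.info("{},{}", userName, passWord);` in the first hunk writes the plaintext password to the application log on every card-number login. It appears to be the line this commit adds, since the hunk grows by exactly one line. Log the user only, e.g. `log.info("card-number login attempt, user={}", userName);`, or drop the statement. The surrounding context also places the DES-encrypted user name and password in the query string of a plain `http://` URL, where intermediaries and server access logs are likely to record them; a POST body over TLS would avoid that. The `System.out.println` calls in the second hunk embed literal values that look like test credentials and would be better removed from the service class; both hunks sit inside methods whose start and end are outside the view.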