Commit 6872b5a3 by 吴迪

【修改】xss转义问题

parent 174d8847
...@@ -228,10 +228,9 @@ public final class HTMLFilter { ...@@ -228,10 +228,9 @@ public final class HTMLFilter {
s = processRemoveBlanks(s); s = processRemoveBlanks(s);
debug("processRemoveBlanks: " + s); debug("processRemoveBlanks: " + s);
s = validateEntities(s); // s = validateEntities(s);
debug(" validateEntites: " + s); //debug(" validateEntites: " + s);
debug("************************************************\n\n");
return s; return s;
} }
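Review bot: Commenting out `s = validateEntities(s);` here (and again in the hunk at old line 464 below) removes more than entity validation: the validateEntities body shown further down ends with `return encodeQuotes(buf.toString());`, so that call was also the step that presumably encodes stray quotes in the filtered output, and after this change the filter returns the processRemoveBlanks result with quotes and entity fragments untouched. If the intent is only to stop already-valid entities from being re-escaped (the commit title points at an over-escaping problem), the narrower fix is to keep the call and adjust the checkEntity behaviour, or at least replace the commented line with `s = encodeQuotes(s);` so quote handling survives. The disabled line should be deleted rather than left as a comment. The enclosing method begins outside the hunk.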
...@@ -464,7 +463,7 @@ public final class HTMLFilter { ...@@ -464,7 +463,7 @@ public final class HTMLFilter {
m.appendTail(buf); m.appendTail(buf);
s = buf.toString(); s = buf.toString();
s = validateEntities(s); //s = validateEntities(s);
return s; return s;
} }
...@@ -472,13 +471,13 @@ public final class HTMLFilter { ...@@ -472,13 +471,13 @@ public final class HTMLFilter {
StringBuffer buf = new StringBuffer(); StringBuffer buf = new StringBuffer();
// validate entities throughout the string // validate entities throughout the string
Matcher m = P_VALID_ENTITIES.matcher(s); //Matcher m = P_VALID_ENTITIES.matcher(s);
while (m.find()) { //while (m.find()) {
final String one = m.group(1); //([^&;]*) // final String one = m.group(1); //([^&;]*)
final String two = m.group(2); //(?=(;|&|$)) // final String two = m.group(2); //(?=(;|&|$))
m.appendReplacement(buf, Matcher.quoteReplacement(checkEntity(one, two))); // m.appendReplacement(buf, Matcher.quoteReplacement(checkEntity(one, two)));
} //}
m.appendTail(buf); //m.appendTail(buf);
return encodeQuotes(buf.toString()); return encodeQuotes(buf.toString());
} }
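Review bot: With the matcher loop commented out, `buf` is never written, so this method (apparently validateEntities; its signature lies outside the hunk) now returns `encodeQuotes(buf.toString())` on an empty buffer and discards its argument `s` entirely — any caller that still reaches it gets an empty string back, silently blanking the content. Since the commit comments out the two call sites rather than removing them, either delete this method together with those commented calls, or keep it coherent with `return encodeQuotes(s);` and drop the now-unused `StringBuffer buf`. Keeping the old body as comments beside a return that no longer depends on the input invites the next maintainer to re-enable a call to a method that erases its argument.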
...@@ -527,4 +526,4 @@ public final class HTMLFilter { ...@@ -527,4 +526,4 @@ public final class HTMLFilter {
private boolean allowedAttribute(final String name, final String paramName) { private boolean allowedAttribute(final String name, final String paramName) {
return allowed(name) && (vAllowed.isEmpty() || vAllowed.get(name).contains(paramName)); return allowed(name) && (vAllowed.isEmpty() || vAllowed.get(name).contains(paramName));
} }
} }
\ No newline at end of file
...@@ -294,6 +294,7 @@ public class LogLoginServiceImpl extends ServiceImpl<LogLoginDao, LogLoginEntity ...@@ -294,6 +294,7 @@ public class LogLoginServiceImpl extends ServiceImpl<LogLoginDao, LogLoginEntity
//是不是条码卡登录 1是 0 否 //是不是条码卡登录 1是 0 否
String isCardNumberLogin = String.valueOf(params.get("isCardNumberLogin") == null ? "0" : params.get("isCardNumberLogin")); String isCardNumberLogin = String.valueOf(params.get("isCardNumberLogin") == null ? "0" : params.get("isCardNumberLogin"));
if (StrUtil.equals("1", isCardNumberLogin)) { if (StrUtil.equals("1", isCardNumberLogin)) {
log.info("{},{}",userName,passWord);
String phoen_M = DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt(userName.getBytes(), DESNewUtils.Key.getBytes())); String phoen_M = DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt(userName.getBytes(), DESNewUtils.Key.getBytes()));
String passwrod_M = DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt(passWord.getBytes(), DESNewUtils.Key.getBytes())); String passwrod_M = DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt(passWord.getBytes(), DESNewUtils.Key.getBytes()));
String url = "http://219.232.114.68:8088/api/AppUserLogin/AppLoginOrCenterLogin?username=" + phoen_M + "&pwd=" + passwrod_M + "&source=ancc"; String url = "http://219.232.114.68:8088/api/AppUserLogin/AppLoginOrCenterLogin?username=" + phoen_M + "&pwd=" + passwrod_M + "&source=ancc";
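Review bot: The added `log.info("{},{}",userName,passWord);` writes the user's plaintext password to the application log at INFO level, where it persists in log files and in any log aggregation the service feeds. Remove the line; if a trace of this login path is needed, log only `userName` or a request identifier at debug level, never the credential. The lines that follow already place the DES-encrypted credential in an `http://` query string, which is pre-existing and not part of this change, but it makes an additional plaintext copy in the log even harder to justify. The enclosing method begins and ends outside the hunk.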
...@@ -482,7 +483,7 @@ public class LogLoginServiceImpl extends ServiceImpl<LogLoginDao, LogLoginEntity ...@@ -482,7 +483,7 @@ public class LogLoginServiceImpl extends ServiceImpl<LogLoginDao, LogLoginEntity
} }
System.out.println(MD5Util.unicodeToString("440220aa487a592881324212d7c9ef6f")); System.out.println(MD5Util.unicodeToString("1bbd886460827015e5d605ed44252251"));
System.out.println(DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt("1165004".getBytes(), DESUtils.Key.getBytes()))); System.out.println(DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt("1165004".getBytes(), DESUtils.Key.getBytes())));
System.out.println(DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt("GS1_20201013".getBytes(), DESUtils.Key.getBytes()))); System.out.println(DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt("GS1_20201013".getBytes(), DESUtils.Key.getBytes())));
} }
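Review bot: The changed line only swaps one hard-coded hash literal inside what appears to be a stdout debugging harness (`System.out.println(...)` over `MD5Util.unicodeToString` and `DESUtils.DES_CBC_Encrypt` with fixed inputs such as "1165004" and "GS1_20201013") living in LogLoginServiceImpl. Code of this kind belongs in a unit test rather than a production service class: it prints credential-like fixtures to stdout and has to be edited by hand each time a new value is needed, as this commit shows. Consider removing the block or moving it to a test that asserts the expected output instead of printing it. The enclosing method begins outside the hunk.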