update 优化魔法值

master
疯狂的狮子Li 2 years ago committed by Gitee
parent 6f48fc3c58
commit 0a893d196e
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
  1. 7
      ruoyi-common/src/main/java/com/ruoyi/common/filter/RepeatedlyRequestWrapper.java
  2. 3
      ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java

@ -10,6 +10,7 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import com.ruoyi.common.utils.http.HttpHelper;
import com.ruoyi.common.constant.Constants;
/**
* 构建可重复读取inputStream的request
@ -23,10 +24,10 @@ public class RepeatedlyRequestWrapper extends HttpServletRequestWrapper
public RepeatedlyRequestWrapper(HttpServletRequest request, ServletResponse response) throws IOException
{
super(request);
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8");
request.setCharacterEncoding(Constants.UTF8);
response.setCharacterEncoding(Constants.UTF8);
body = HttpHelper.getBodyString(request).getBytes("UTF-8");
body = HttpHelper.getBodyString(request).getBytes(Constants.UTF8);
}
@Override

@ -12,6 +12,7 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.enums.HttpMethod;
/**
* 防止XSS攻击的过滤器
@ -59,7 +60,7 @@ public class XssFilter implements Filter
String url = request.getServletPath();
String method = request.getMethod();
// GET DELETE 不过滤
if (method == null || method.matches("GET") || method.matches("DELETE"))
if (method == null || HttpMethod.GET.matches(method) || HttpMethod.DELETE.matches(method))
{
return true;
}

Loading…
Cancel
Save