pengjunjie/JeecgBoot
1
0
Fork 1
mirror of https://github.com/jeecgboot/JeecgBoot.git synced 2025-12-08 17:12:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

JeecgBoot3.7XSS漏洞处理

Browse Source
This commit is contained in:
JEECG
2024-09-14 14:15:31 +08:00
parent 48bc76cce7
commit 575baa8d49
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/WechatVerifyController.java
View File

@ -3,6 +3,8 @@ package org.jeecg.modules.system.controller;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.jeecg.modules.system.util.XssUtils;
import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
@ -23,8 +25,13 @@ public class WechatVerifyController {
*/ */
@RequestMapping(value = "/WW_verify_{code}.txt") @RequestMapping(value = "/WW_verify_{code}.txt")
public void mpVerify(@PathVariable("code") String code, HttpServletResponse response) { public void mpVerify(@PathVariable("code") String code, HttpServletResponse response) {
if(StringUtils.isEmpty(code)){
log.error("企业微信证书验证失败!(code为空)");
return;
}
try { try {
PrintWriter writer = response.getWriter(); PrintWriter writer = response.getWriter();
code = XssUtils.scriptXss(code);
writer.write(code); writer.write(code);
writer.close(); writer.close();
} catch (Exception e) { } catch (Exception e) {