Commit 45a49a85 authored by zengtianlai3's avatar zengtianlai3

xss 优化

parent a21ba397
......@@ -112,7 +112,6 @@ public class OperateController {
public BaseResult readAlarm() {
String i = UserUtils.getLoginUserId();
int uI = Integer.valueOf(i);
uI = Integer.valueOf(XssUtil.checkXSS(String.valueOf(uI)));
boolean res = alarmReadService.readAlarm(uI);
if (res) {
return BaseResult.success();
......
......@@ -9,6 +9,7 @@ import iot.sixiang.license.mapper.AlarmReadMapper;
import iot.sixiang.license.model.vo.AlarmVo;
import iot.sixiang.license.service.AlarmReadService;
import iot.sixiang.license.util.CommonUtil;
import iot.sixiang.license.xss.XssUtil;
import org.apache.poi.ss.formula.functions.T;
import org.springframework.stereotype.Service;
......@@ -39,6 +40,7 @@ public class AlarmReadServiceImpl extends ServiceImpl<AlarmReadMapper, AlarmRead
if (userId == 0) {
throw new IotLicenseException(ResultCode.VALIDATE_FAILED.getCode(),ResultCode.VALIDATE_FAILED.getMsg());
}
userId = Integer.valueOf(XssUtil.checkXSS(String.valueOf(userId)));
List<AlarmVo> alarmList = alarmMapper.getAlarmList(userId);
List<AlarmVo> list = CommonUtil.dealWithAccessControl(alarmList, List.class);
for (AlarmVo alarm: list) {
......
......@@ -7,6 +7,7 @@ import iot.sixiang.license.handler.IotLicenseException;
import iot.sixiang.license.mapper.SysOperLogMapper;
import iot.sixiang.license.model.PageInfoModel;
import iot.sixiang.license.service.SysOperLogService;
import iot.sixiang.license.xss.XssUtil;
import org.springframework.stereotype.Service;
import javax.annotation.Resource;
......@@ -32,6 +33,13 @@ public class SysOperLogServiceImpl extends ServiceImpl<SysOperLogMapper, SysOper
@Override
public boolean addOperlog(String title, Integer businessType, String uri, Integer status, String optParam, String errorMsg, Date operTime) {
title = XssUtil.checkXSS(title);
businessType = Integer.valueOf(XssUtil.checkXSS(String.valueOf(businessType)));
uri = XssUtil.checkXSS(uri);
status = Integer.valueOf(XssUtil.checkXSS(String.valueOf(status)));
optParam = XssUtil.checkXSS(optParam);
errorMsg = XssUtil.checkXSS(errorMsg);
// operTime = XssUtil.checkXSS(operTime);
return sysOperLogMapper.addOperlog(title, businessType, uri, status, optParam, errorMsg, operTime);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment