xss 优化

45a49a85 · zengtianlai3 · a21ba397 · 45a49a85 · 45a49a85 · 45a49a85
Commit 45a49a85 authored Jul 17, 2022 by zengtianlai3
3 changed files
--- a/license/src/main/java/iot/sixiang/license/controller/OperateController.java
+++ b/license/src/main/java/iot/sixiang/license/controller/OperateController.java
@@ -112,7 +112,6 @@ public class OperateController {
    public BaseResult readAlarm() {
        String i = UserUtils.getLoginUserId();
        int uI = Integer.valueOf(i);
-        uI = Integer.valueOf(XssUtil.checkXSS(String.valueOf(uI)));
        boolean res = alarmReadService.readAlarm(uI);
        if (res) {
            return BaseResult.success();

--- a/license/src/main/java/iot/sixiang/license/service/impl/AlarmReadServiceImpl.java
+++ b/license/src/main/java/iot/sixiang/license/service/impl/AlarmReadServiceImpl.java
@@ -9,6 +9,7 @@ import iot.sixiang.license.mapper.AlarmReadMapper;
 import iot.sixiang.license.model.vo.AlarmVo;
 import iot.sixiang.license.service.AlarmReadService;
 import iot.sixiang.license.util.CommonUtil;
+import iot.sixiang.license.xss.XssUtil;
 import org.apache.poi.ss.formula.functions.T;
 import org.springframework.stereotype.Service;
@@ -39,6 +40,7 @@ public class AlarmReadServiceImpl extends ServiceImpl<AlarmReadMapper, AlarmRead
        if (userId == 0) {
            throw new IotLicenseException(ResultCode.VALIDATE_FAILED.getCode(),ResultCode.VALIDATE_FAILED.getMsg());
        }
+        userId = Integer.valueOf(XssUtil.checkXSS(String.valueOf(userId)));
        List<AlarmVo> alarmList = alarmMapper.getAlarmList(userId);
        List<AlarmVo> list = CommonUtil.dealWithAccessControl(alarmList, List.class);
        for (AlarmVo alarm: list) {

--- a/license/src/main/java/iot/sixiang/license/service/impl/SysOperLogServiceImpl.java
+++ b/license/src/main/java/iot/sixiang/license/service/impl/SysOperLogServiceImpl.java
@@ -7,6 +7,7 @@ import iot.sixiang.license.handler.IotLicenseException;
 import iot.sixiang.license.mapper.SysOperLogMapper;
 import iot.sixiang.license.model.PageInfoModel;
 import iot.sixiang.license.service.SysOperLogService;
+import iot.sixiang.license.xss.XssUtil;
 import org.springframework.stereotype.Service;
 import javax.annotation.Resource;
@@ -32,6 +33,13 @@ public class SysOperLogServiceImpl extends ServiceImpl<SysOperLogMapper, SysOper
    @Override
    public boolean addOperlog(String title, Integer businessType, String uri, Integer status, String optParam, String errorMsg, Date operTime) {
+        title = XssUtil.checkXSS(title);
+        businessType = Integer.valueOf(XssUtil.checkXSS(String.valueOf(businessType)));
+        uri = XssUtil.checkXSS(uri);
+        status = Integer.valueOf(XssUtil.checkXSS(String.valueOf(status)));
+        optParam = XssUtil.checkXSS(optParam);
+        errorMsg = XssUtil.checkXSS(errorMsg);
+//        operTime = XssUtil.checkXSS(operTime);
        return sysOperLogMapper.addOperlog(title, businessType, uri, status, optParam, errorMsg, operTime);
    }