Commit 45a49a85 authored by zengtianlai3's avatar zengtianlai3

xss 优化

parent a21ba397
...@@ -112,7 +112,6 @@ public class OperateController { ...@@ -112,7 +112,6 @@ public class OperateController {
public BaseResult readAlarm() { public BaseResult readAlarm() {
String i = UserUtils.getLoginUserId(); String i = UserUtils.getLoginUserId();
int uI = Integer.valueOf(i); int uI = Integer.valueOf(i);
uI = Integer.valueOf(XssUtil.checkXSS(String.valueOf(uI)));
boolean res = alarmReadService.readAlarm(uI); boolean res = alarmReadService.readAlarm(uI);
if (res) { if (res) {
return BaseResult.success(); return BaseResult.success();
......
...@@ -9,6 +9,7 @@ import iot.sixiang.license.mapper.AlarmReadMapper; ...@@ -9,6 +9,7 @@ import iot.sixiang.license.mapper.AlarmReadMapper;
import iot.sixiang.license.model.vo.AlarmVo; import iot.sixiang.license.model.vo.AlarmVo;
import iot.sixiang.license.service.AlarmReadService; import iot.sixiang.license.service.AlarmReadService;
import iot.sixiang.license.util.CommonUtil; import iot.sixiang.license.util.CommonUtil;
import iot.sixiang.license.xss.XssUtil;
import org.apache.poi.ss.formula.functions.T; import org.apache.poi.ss.formula.functions.T;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
...@@ -39,6 +40,7 @@ public class AlarmReadServiceImpl extends ServiceImpl<AlarmReadMapper, AlarmRead ...@@ -39,6 +40,7 @@ public class AlarmReadServiceImpl extends ServiceImpl<AlarmReadMapper, AlarmRead
if (userId == 0) { if (userId == 0) {
throw new IotLicenseException(ResultCode.VALIDATE_FAILED.getCode(),ResultCode.VALIDATE_FAILED.getMsg()); throw new IotLicenseException(ResultCode.VALIDATE_FAILED.getCode(),ResultCode.VALIDATE_FAILED.getMsg());
} }
userId = Integer.valueOf(XssUtil.checkXSS(String.valueOf(userId)));
List<AlarmVo> alarmList = alarmMapper.getAlarmList(userId); List<AlarmVo> alarmList = alarmMapper.getAlarmList(userId);
List<AlarmVo> list = CommonUtil.dealWithAccessControl(alarmList, List.class); List<AlarmVo> list = CommonUtil.dealWithAccessControl(alarmList, List.class);
for (AlarmVo alarm: list) { for (AlarmVo alarm: list) {
......
...@@ -7,6 +7,7 @@ import iot.sixiang.license.handler.IotLicenseException; ...@@ -7,6 +7,7 @@ import iot.sixiang.license.handler.IotLicenseException;
import iot.sixiang.license.mapper.SysOperLogMapper; import iot.sixiang.license.mapper.SysOperLogMapper;
import iot.sixiang.license.model.PageInfoModel; import iot.sixiang.license.model.PageInfoModel;
import iot.sixiang.license.service.SysOperLogService; import iot.sixiang.license.service.SysOperLogService;
import iot.sixiang.license.xss.XssUtil;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import javax.annotation.Resource; import javax.annotation.Resource;
...@@ -32,6 +33,13 @@ public class SysOperLogServiceImpl extends ServiceImpl<SysOperLogMapper, SysOper ...@@ -32,6 +33,13 @@ public class SysOperLogServiceImpl extends ServiceImpl<SysOperLogMapper, SysOper
@Override @Override
public boolean addOperlog(String title, Integer businessType, String uri, Integer status, String optParam, String errorMsg, Date operTime) { public boolean addOperlog(String title, Integer businessType, String uri, Integer status, String optParam, String errorMsg, Date operTime) {
title = XssUtil.checkXSS(title);
businessType = Integer.valueOf(XssUtil.checkXSS(String.valueOf(businessType)));
uri = XssUtil.checkXSS(uri);
status = Integer.valueOf(XssUtil.checkXSS(String.valueOf(status)));
optParam = XssUtil.checkXSS(optParam);
errorMsg = XssUtil.checkXSS(errorMsg);
// operTime = XssUtil.checkXSS(operTime);
return sysOperLogMapper.addOperlog(title, businessType, uri, status, optParam, errorMsg, operTime); return sysOperLogMapper.addOperlog(title, businessType, uri, status, optParam, errorMsg, operTime);
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment