Commit a21ba397 authored by zengtianlai3's avatar zengtianlai3

xss 优化

parent 78800464
......@@ -103,7 +103,8 @@ public class DeviceController {
@MyLog(title = "获取设备详细信息接口", optParam = "#{pageNo},#{pageSize},#{appName},#{userName}", businessType = BusinessType.SELECT)
@ApiImplicitParams({@ApiImplicitParam(name = "pageNo", value = "当前在第几页", required = true, dataType = "int"), @ApiImplicitParam(name = "pageSize", value = "每页显示多少条", required = true, dataType = "int"), @ApiImplicitParam(name = "appName", value = "应用名"), @ApiImplicitParam(name = "userName", value = "用户名")})
public PageResult<DeviceDetailVo> getDeviceDetailList(@RequestParam(value = "pageNo", defaultValue = "0") int pageNo, @RequestParam(value = "pageSize", defaultValue = "0") int pageSize, @RequestParam(value = "appName", required = false) String appName, @RequestParam(value = "userName", required = false) String userName) {
appName = XssUtil.checkXSS(appName);
userName = XssUtil.checkXSS(userName);
PageInfoModel<DeviceDetailVo> records = deviceManager.getDeviceDetailList(pageNo, pageSize, appName, userName);
int total = records.getTotal();
int pages = total / pageSize;//pages为总页数
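Review bot: `appName` and `userName` are declared `required = false`, so both can arrive as null, and nothing visible here shows that `XssUtil.checkXSS` tolerates a null argument; guard the calls, e.g. `if (appName != null) appName = XssUtil.checkXSS(appName);`, or document the null contract on the utility. Filtering these values on the way in also changes the search terms handed to `deviceManager.getDeviceDetailList`, while whatever reaches a browser still has to be encoded where it is rendered, so this is defence in depth rather than the XSS fix itself. Separately, `pageSize` defaults to "0" and is the divisor in `total / pageSize`, which throws ArithmeticException when the parameter is omitted; reject `pageSize <= 0` before the division. The method body continues outside the hunk.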
......
......@@ -112,6 +112,7 @@ public class OperateController {
public BaseResult readAlarm() {
String i = UserUtils.getLoginUserId();
int uI = Integer.valueOf(i);
uI = Integer.valueOf(XssUtil.checkXSS(String.valueOf(uI)));
boolean res = alarmReadService.readAlarm(uI);
if (res) {
return BaseResult.success();
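Review bot: The added line `uI = Integer.valueOf(XssUtil.checkXSS(String.valueOf(uI)));` cannot change anything, because `uI` is already an `int`: its string form holds only digits and an optional sign, so there is no markup for the filter to remove. It reads as a protection that is not there and should be dropped; the same round-trip is added for `userId` in `downloadWorkHourRecordTemplate`. What is unguarded on this path is `Integer.valueOf(i)`, which throws NumberFormatException if `UserUtils.getLoginUserId()` returns null or a non-numeric string; handle that case explicitly if the helper can return such a value. `readAlarm` continues past the end of the hunk.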
......
......@@ -6,6 +6,7 @@ import io.swagger.annotations.ApiOperation;
import iot.sixiang.license.log.BusinessType;
import iot.sixiang.license.log.MyLog;
import iot.sixiang.license.resource.ResourceManager;
import iot.sixiang.license.xss.XssUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
......@@ -29,6 +30,7 @@ public class ResourceContrller {
@MyLog(title = "下载资源", optParam = "#{userId}", businessType = BusinessType.OTHER)
@ApiImplicitParam(name = "userId",value = "用户Id",required = true, dataType = "int")
public void downloadWorkHourRecordTemplate(HttpServletResponse response, @RequestParam(value = "userId") int userId) {
userId = Integer.valueOf(XssUtil.checkXSS(String.valueOf(userId)));
resourceManager.downloadDeviceInfoExcle(response, userId);
}
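Review bot: `downloadWorkHourRecordTemplate` picks the data to export from the request parameter `userId`, whereas `readAlarm` in OperateController takes the id from `UserUtils.getLoginUserId()`; the line added at the top of the body does not address that difference. Unless `resourceManager.downloadDeviceInfoExcle` checks that the caller is allowed to export that user's devices (not visible here), derive the id from the authenticated session, or compare the two and reject a mismatch before calling the manager. A short comment stating which of the two is intended, such as `// userId must equal the logged-in user; enforced in <where>`, would make the contract reviewable.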
......
......@@ -2,6 +2,7 @@ package iot.sixiang.license.jwt;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import iot.sixiang.license.xss.XssUtil;
import lombok.extern.slf4j.Slf4j;
import javax.servlet.*;
......@@ -45,6 +46,7 @@ public class JwtFilter implements Filter {
if (uri.contains(url1) || uri.contains(url2) || uri.contains(url3) || uri.contains(url4) || uri.contains(url7) || uri.contains(url8)) {
if (uri.contains(url1) || uri.contains(url2)) {
uri = XssUtil.checkXSS(uri);
UserUtils.setUri(uri);
}
check = false;
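Review bot: The branch that sets `check = false` is selected with `uri.contains(...)`, so any request whose URI merely contains one of the listed fragments takes it; if `check` controls whether the token is verified, as the name suggests, the exemption is wider than the endpoints it is meant for. Match the normalized servlet path exactly (or with `startsWith` on a fixed prefix) against a set of exempt paths instead. The added `uri = XssUtil.checkXSS(uri);` only affects the copy passed to `UserUtils.setUri`, and only for `url1`/`url2`; where that value is later logged or displayed, encoding at the point of output is what protects the reader. The surrounding method starts and ends outside the hunk.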
......
......@@ -47,6 +47,7 @@ public class AlarmReadServiceImpl extends ServiceImpl<AlarmReadMapper, AlarmRead
int typeId = alarm.getTypeId();
String title = alarm.getTitle();
String content = alarm.getContent();
boolean res = alarmReadMapper.readAlarm(alarmId, typeId, title, content, userId);
if (!res) {
return false;
......