github
/
jeecg-boot
mirror of https://github.com/jeecgboot/jeecg-boot
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

JeecgBoot3.7XSS漏洞处理

pull/7256/head
JEECG 2024-09-14 14:15:31 +08:00
parent 48bc76cce7
commit 575baa8d49
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/WechatVerifyController.java
View File

@ -3,6 +3,8 @@ package org.jeecg.modules.system.controller;
import javax.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.jeecg.modules.system.util.XssUtils;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@ -23,8 +25,13 @@ public class WechatVerifyController {
*/
@RequestMapping(value = "/WW_verify_{code}.txt")
public void mpVerify(@PathVariable("code") String code, HttpServletResponse response) {
if(StringUtils.isEmpty(code)){
log.error("企业微信证书验证失败!(code为空)");
return;
}
try {
PrintWriter writer = response.getWriter();
code = XssUtils.scriptXss(code);
writer.write(code);
writer.close();
} catch (Exception e) {