From 575baa8d49a9b4827c53ffbb6dc1c2d6a6601ac4 Mon Sep 17 00:00:00 2001
From: JEECG <445654970@qq.com>
Date: Sat, 14 Sep 2024 14:15:31 +0800
Subject: [PATCH] =?UTF-8?q?JeecgBoot3.7XSS=E6=BC=8F=E6=B4=9E=E5=A4=84?=
 =?UTF-8?q?=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../modules/system/controller/WechatVerifyController.java  | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/WechatVerifyController.java b/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/WechatVerifyController.java
index ada0b0df..437c596e 100644
--- a/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/WechatVerifyController.java
+++ b/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/WechatVerifyController.java
@@ -3,6 +3,8 @@ package org.jeecg.modules.system.controller;
 import javax.servlet.http.HttpServletResponse;
 
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.jeecg.modules.system.util.XssUtils;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -23,8 +25,13 @@ public class WechatVerifyController {
      */
     @RequestMapping(value = "/WW_verify_{code}.txt")
     public void mpVerify(@PathVariable("code") String code, HttpServletResponse response) {
+        if(StringUtils.isEmpty(code)){
+            log.error("企业微信证书验证失败！(code为空)");
+            return;
+        }
         try {
             PrintWriter writer = response.getWriter();
+            code = XssUtils.scriptXss(code);
             writer.write(code);
             writer.close();
         } catch (Exception e) {