update 优化魔法值

This commit is contained in:
疯狂的狮子Li 2022-07-05 02:06:31 +00:00 committed by Gitee
parent 6f48fc3c58
commit 0a893d196e
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 6 additions and 4 deletions

View File

@ -10,6 +10,7 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper; import javax.servlet.http.HttpServletRequestWrapper;
import com.ruoyi.common.utils.http.HttpHelper; import com.ruoyi.common.utils.http.HttpHelper;
import com.ruoyi.common.constant.Constants;
/** /**
* 构建可重复读取inputStream的request * 构建可重复读取inputStream的request
@ -23,10 +24,10 @@ public class RepeatedlyRequestWrapper extends HttpServletRequestWrapper
public RepeatedlyRequestWrapper(HttpServletRequest request, ServletResponse response) throws IOException public RepeatedlyRequestWrapper(HttpServletRequest request, ServletResponse response) throws IOException
{ {
super(request); super(request);
request.setCharacterEncoding("UTF-8"); request.setCharacterEncoding(Constants.UTF8);
response.setCharacterEncoding("UTF-8"); response.setCharacterEncoding(Constants.UTF8);
body = HttpHelper.getBodyString(request).getBytes("UTF-8"); body = HttpHelper.getBodyString(request).getBytes(Constants.UTF8);
} }
@Override @Override

View File

@ -12,6 +12,7 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.enums.HttpMethod;
/** /**
* 防止XSS攻击的过滤器 * 防止XSS攻击的过滤器
@ -59,7 +60,7 @@ public class XssFilter implements Filter
String url = request.getServletPath(); String url = request.getServletPath();
String method = request.getMethod(); String method = request.getMethod();
// GET DELETE 不过滤 // GET DELETE 不过滤
if (method == null || method.matches("GET") || method.matches("DELETE")) if (method == null || HttpMethod.GET.matches(method) || HttpMethod.DELETE.matches(method))
{ {
return true; return true;
} }