bonus
/
dameng_real_name
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

渗透测试漏洞修复

This commit is contained in:
马三炮 2025-11-26 17:57:29 +08:00
parent ff19105298
commit 5b4fc26ffa
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
gateway/src/main/java/com/bonus/gateway/filter/XssFilter.java
View File

@ -82,7 +82,9 @@ public class XssFilter implements GlobalFilter, Ordered
DataBufferUtils.release(join);
String bodyStr = new String(content, StandardCharsets.UTF_8);
try {
if (bodyStr.contains("username") || bodyStr.contains("password")){
if (bodyStr.contains("username") || bodyStr.contains("password") || bodyStr.contains("userName")
|| bodyStr.contains("idNumber") || bodyStr.contains("orgId") || bodyStr.contains("phone") ||
bodyStr.contains("phonenumber")){
}else {
bodyStr = java.net.URLDecoder.decode(bodyStr, StandardCharsets.UTF_8.name());