hz-zhhq-app-service/greenH5modul/.svn/pristine/0f/0ff17e20e584e1c2a1dc994c689...

package com.nationalelectric.greenH5.utils;

import org.apache.commons.lang.StringEscapeUtils;

import com.alibaba.fastjson.JSON;
import com.nationalelectric.greenH5.MyException;


public final class CheckParamUtil {

	
	public static Object checkJsonValue(Object object) throws MyException {
		
			if (object != null) {

				Object json = JSON.toJSON(object);
				String string = json.toString();
				if (string.indexOf("{") == 0 && "}".equals(String.valueOf(string.charAt(string.length() - 1)))) {
					String[] split = string.split(":");
					if (split != null) {
						for (String string2 : split) {
							if (string2.contains(",") ) {
								String[] split2 = string2.split(",");
								checkValue(split2[0]);
							}
							if (string2.contains("}")) {
								checkValue(string2);
							}
						}
					}
					
					
					// System.out.println(arg.toString());
				}
			}

		return null;
	}
	
	private static final String[] keys = "<script|alert|%3cscript|script>|script%3e|alert|window|%3cinput|<input|%3cimg|<img|iframe|<iframe|%3ciframe"
			.split("\\|");
	private static final String[] sqls = "..|select|update|\\<|\\>|\\*|\\#|delete|insert|master\\.|【|】|￥|\\^|\\$"
			.split("\\|");
	public static Object checkValue(String value) throws MyException {
		for(String key : keys){
			if(value.indexOf(key) >=0){
				key = StringEscapeUtils.escapeHtml(key);
				throw new MyException("您输入了非法字符!\r\n"+key);
			}
		}
		for(String sql : sqls){
			if(value.indexOf(sql) >=0){
				sql = StringEscapeUtils.escapeHtml(sql);
				throw new MyException("您输入了非法字符!\r\n"+sql);
			}
		}
		return null;
	}
}
first commit 2025-01-21 13:12:35 +08:00			`package com.nationalelectric.greenH5.utils;`

			`import org.apache.commons.lang.StringEscapeUtils;`

			`import com.alibaba.fastjson.JSON;`
			`import com.nationalelectric.greenH5.MyException;`


			`public final class CheckParamUtil {`


			`public static Object checkJsonValue(Object object) throws MyException {`

			`if (object != null) {`

			`Object json = JSON.toJSON(object);`
			`String string = json.toString();`
			`if (string.indexOf("{") == 0 && "}".equals(String.valueOf(string.charAt(string.length() - 1)))) {`
			`String[] split = string.split(":");`
			`if (split != null) {`
			`for (String string2 : split) {`
			`if (string2.contains(",") ) {`
			`String[] split2 = string2.split(",");`
			`checkValue(split2[0]);`
			`}`
			`if (string2.contains("}")) {`
			`checkValue(string2);`
			`}`
			`}`
			`}`


			`// System.out.println(arg.toString());`
			`}`
			`}`

			`return null;`
			`}`

			`private static final String[] keys = "<script\|alert\|%3cscript\|script>\|script%3e\|alert\|window\|%3cinput\|<input\|%3cimg\|<img\|iframe\|<iframe\|%3ciframe"`
			`.split("\\\|");`
			`private static final String[] sqls = "..\|select\|update\|\\<\|\\>\|\\*\|\\#\|delete\|insert\|master\\.\|【\|】\|￥\|\\^\|\\$"`
			`.split("\\\|");`
			`public static Object checkValue(String value) throws MyException {`
			`for(String key : keys){`
			`if(value.indexOf(key) >=0){`
			`key = StringEscapeUtils.escapeHtml(key);`
			`throw new MyException("您输入了非法字符!\r\n"+key);`
			`}`
			`}`
			`for(String sql : sqls){`
			`if(value.indexOf(sql) >=0){`
			`sql = StringEscapeUtils.escapeHtml(sql);`
			`throw new MyException("您输入了非法字符!\r\n"+sql);`
			`}`
			`}`
			`return null;`
			`}`
			`}`