hz-zhhq-app-service/greenH5modul/.svn/pristine/d5/d5a49c12c7f1971577ab1d199fb...

//package com.nationalelectric.greenH5.Aspect;
//
//import org.aspectj.lang.annotation.Around;
//import org.aspectj.lang.annotation.Aspect;
//import org.springframework.stereotype.Component;
//import org.springframework.web.bind.annotation.RequestMapping;
//
//import com.alibaba.fastjson.JSON;
//import com.nationalelectirc.Constant.Constant;
//import com.nationalelectirc.utils.RestResult;
//
//import org.apache.commons.lang.StringEscapeUtils;
//import org.aspectj.lang.ProceedingJoinPoint;
//
///**
// * @since 2019-09-03
// * @author wangbowei
// */
//@Aspect
//@Component
//public class ParameterAspect {
//
//	
//	@Around(value="@annotation(requestMapping)",argNames = "requestMapping")
//	public Object proxy(ProceedingJoinPoint joinPoint,RequestMapping requestMapping){
//		
//		try {
//			
//	        Object[] args = joinPoint.getArgs();
//	        String req = null;
//	        if (args != null) {
//	        	for (Object arg : args) {
//	        		Object json = JSON.toJSON(arg);
//	        		req = json.toString().trim();
//	        		if(req.indexOf("{") == 0
//							&& "}".equals(String.valueOf(req.charAt(req.length()-1)))){
//	        			checkValue(req);
//	        		}
//	        		//System.out.println(arg.toString());
//				}
//			}
//			return joinPoint.proceed();
//		} catch (Throwable e) {
//			
//			
//			return new RestResult(Constant.FAILED,e.getMessage());
//		}
//	}
//	
//
//	private static final String[] keys = "<script|alert|%3cscript|script>|script%3e|alert|window|%3cinput|<input|%3cimg|<img|iframe|<iframe|%3ciframe"
//			.split("\\|");
//	private static final String[] sqls = "select|chr|\\<|\\>|where|\\*|\\#|\\\"|delete|left|right|insert|mid|master\\.|【|】|￥|\\^|\\$|drop|creat|like"
//			.split("\\|");
//	private void checkValue(String value) throws Exception{
//		for(String key : keys){
//			if(value.indexOf(key) >=0){
//				key = StringEscapeUtils.escapeHtml(key);
//				throw new Exception("您输入了非法字符!\r\n"+key);
//			}
//		}
//		for(String sql : sqls){
//			if(value.indexOf(sql) >=0){
//				sql = StringEscapeUtils.escapeHtml(sql);
//				
//				throw new Exception("您输入了非法字符!\r\n"+sql);
//				
//			}
//		}
//	}
//}
first commit 2025-01-21 13:12:35 +08:00			`//package com.nationalelectric.greenH5.Aspect;`
			`//`
			`//import org.aspectj.lang.annotation.Around;`
			`//import org.aspectj.lang.annotation.Aspect;`
			`//import org.springframework.stereotype.Component;`
			`//import org.springframework.web.bind.annotation.RequestMapping;`
			`//`
			`//import com.alibaba.fastjson.JSON;`
			`//import com.nationalelectirc.Constant.Constant;`
			`//import com.nationalelectirc.utils.RestResult;`
			`//`
			`//import org.apache.commons.lang.StringEscapeUtils;`
			`//import org.aspectj.lang.ProceedingJoinPoint;`
			`//`
			`///**`
			`// * @since 2019-09-03`
			`// * @author wangbowei`
			`// */`
			`//@Aspect`
			`//@Component`
			`//public class ParameterAspect {`
			`//`
			`//`
			`// @Around(value="@annotation(requestMapping)",argNames = "requestMapping")`
			`// public Object proxy(ProceedingJoinPoint joinPoint,RequestMapping requestMapping){`
			`//`
			`// try {`
			`//`
			`// Object[] args = joinPoint.getArgs();`
			`// String req = null;`
			`// if (args != null) {`
			`// for (Object arg : args) {`
			`// Object json = JSON.toJSON(arg);`
			`// req = json.toString().trim();`
			`// if(req.indexOf("{") == 0`
			`// && "}".equals(String.valueOf(req.charAt(req.length()-1)))){`
			`// checkValue(req);`
			`// }`
			`// //System.out.println(arg.toString());`
			`// }`
			`// }`
			`// return joinPoint.proceed();`
			`// } catch (Throwable e) {`
			`//`
			`//`
			`// return new RestResult(Constant.FAILED,e.getMessage());`
			`// }`
			`// }`
			`//`
			`//`
			`// private static final String[] keys = "<script\|alert\|%3cscript\|script>\|script%3e\|alert\|window\|%3cinput\|<input\|%3cimg\|<img\|iframe\|<iframe\|%3ciframe"`
			`// .split("\\\|");`
			`// private static final String[] sqls = "select\|chr\|\\<\|\\>\|where\|\\*\|\\#\|\\\"\|delete\|left\|right\|insert\|mid\|master\\.\|【\|】\|￥\|\\^\|\\$\|drop\|creat\|like"`
			`// .split("\\\|");`
			`// private void checkValue(String value) throws Exception{`
			`// for(String key : keys){`
			`// if(value.indexOf(key) >=0){`
			`// key = StringEscapeUtils.escapeHtml(key);`
			`// throw new Exception("您输入了非法字符!\r\n"+key);`
			`// }`
			`// }`
			`// for(String sql : sqls){`
			`// if(value.indexOf(sql) >=0){`
			`// sql = StringEscapeUtils.escapeHtml(sql);`
			`//`
			`// throw new Exception("您输入了非法字符!\r\n"+sql);`
			`//`
			`// }`
			`// }`
			`// }`
			`//}`