//package com.nationalelectric.greenH5.Aspect;
//
//import org.aspectj.lang.annotation.Around;
//import org.aspectj.lang.annotation.Aspect;
//import org.springframework.stereotype.Component;
//import org.springframework.web.bind.annotation.RequestMapping;
//
//import com.alibaba.fastjson.JSON;
//import com.nationalelectirc.Constant.Constant;
//import com.nationalelectirc.utils.RestResult;
//
//import org.apache.commons.lang.StringEscapeUtils;
//import org.aspectj.lang.ProceedingJoinPoint;
//
///**
// * @since 2019-09-03
// * @author wangbowei
// */
// // NOTE(review): this whole aspect is commented out, so none of the checks
// // below are active. The notes are for anyone considering re-enabling it:
// // what follows is a substring blacklist, which is both easy to bypass and
// // prone to false positives, and is not a substitute for parameterized
// // queries (SQL) and context-aware output encoding (XSS) at the point of use.
//@Aspect
//@Component
//public class ParameterAspect {
//
//
// // Intercepts methods annotated with @RequestMapping, serializes each
// // argument with fastjson and runs the blacklist over the JSON text before
// // proceeding. Returns the target's result, or a FAILED RestResult carrying
// // the exception message if either the check or the target method throws.
// // NOTE(review): the pointcut is "@annotation(requestMapping)"; whether it
// // also matches composed annotations such as @GetMapping/@PostMapping
// // depends on the AspectJ/Spring version in use -- confirm before relying
// // on this for endpoint coverage.
// @Around(value="@annotation(requestMapping)",argNames = "requestMapping")
// public Object proxy(ProceedingJoinPoint joinPoint,RequestMapping requestMapping){
//
// try {
//
// Object[] args = joinPoint.getArgs();
// String req = null;
// if (args != null) {
// for (Object arg : args) {
// // The whole argument is serialized (presumably field names as well as
// // values), so a blacklisted substring anywhere in it rejects the request.
// // NOTE(review): if toJSON returns null for a null argument, the toString()
// // below throws NPE, which the catch turns into a FAILED result -- verify.
// Object json = JSON.toJSON(arg);
// req = json.toString().trim();
// // Only JSON-object-shaped text ("{...}") is checked: a plain string,
// // number or array argument ("[...]") never reaches checkValue.
// if(req.indexOf("{") == 0
// && "}".equals(String.valueOf(req.charAt(req.length()-1)))){
// checkValue(req);
// }
// //System.out.println(arg.toString());
// }
// }
// return joinPoint.proceed();
// } catch (Throwable e) {
//
// // NOTE(review): proceed() is inside the try, so any Throwable from the
// // target method (not just a blacklist hit) is swallowed here and its raw
// // getMessage() is placed in the result -- presumably returned to the
// // client, which can leak internal details. The intercepted method's
// // declared return type is also not checked before a RestResult is
// // substituted for it.
//
// return new RestResult(Constant.FAILED,e.getMessage());
//
// }
// }
//
//
// // XSS blacklist. NOTE(review): entries are lower-case and checkValue uses
// // a case-sensitive indexOf, so variants such as "<SCRIPT" or "%3C" are
// // not caught; "alert" is listed twice.
// private static final String[] keys = "<script|alert|%3cscript|script>|script%3e|alert|window|%3cinput|<input|%3cimg|<img|iframe|<iframe|%3ciframe"
// .split("\\|");
// // SQL blacklist. NOTE(review): split("\\|") splits on a literal pipe and
// // does not unescape, so the entries written as \\< \\> \\* \\# \\\" \\^ \\$
// // and master\\. become two-character strings (backslash + char). They match
// // only a backslash followed by that character in the serialized text, not
// // the bare character -- \" is how JSON escapes an embedded quote, so that
// // one may fire; the others fire only if the serializer escapes those
// // characters. The word entries (select, chr, where, delete, left, right,
// // insert, mid, drop, creat, like) are matched as substrings with no word
// // boundary, so ordinary values or field names such as "selected",
// // "likely", "middle" or "chrome" are rejected. 【, 】 and ¥ are blocked too.
// private static final String[] sqls = "select|chr|\\<|\\>|where|\\*|\\#|\\\"|delete|left|right|insert|mid|master\\.|【|】|¥|\\^|\\$|drop|creat|like"
// .split("\\|");
// // Throws if value contains any blacklisted substring; the first matching
// // entry is HTML-escaped into the message ("您输入了非法字符!" reads
// // "You entered illegal characters!"). XSS entries are checked before
// // SQL entries; only the first hit is reported.
// private void checkValue(String value) throws Exception{
// for(String key : keys){
// if(value.indexOf(key) >=0){
// key = StringEscapeUtils.escapeHtml(key);
// throw new Exception("您输入了非法字符!\r\n"+key);
// }
// }
// for(String sql : sqls){
// if(value.indexOf(sql) >=0){
// sql = StringEscapeUtils.escapeHtml(sql);
//
// throw new Exception("您输入了非法字符!\r\n"+sql);
//
// }
// }
// }
//}