Java Code Examples for com.xnx3.StringUtil#filterXss()

Example 1
Source File: UserServiceImpl.java    From wangmarket with Apache License 2.0
/**
 * Updates the nickname of the currently logged-in user from the "nickname" request parameter.
 * The raw parameter is passed through StringUtil.filterXss before validation; a missing,
 * empty or over-long (more than 15 characters) value yields a FAILURE BaseVO carrying a
 * localized message. On success the persisted User and the Shiro session user are both
 * updated and the new nickname is returned in the BaseVO info field.
 *
 * @param request the current HTTP request; only the "nickname" parameter is read
 * @return a BaseVO: info = the stored nickname on success, FAILURE + localized message otherwise
 */
public BaseVO updateNickname(HttpServletRequest request) {
	BaseVO result = new BaseVO();
	String raw = request.getParameter("nickname");
	// XSS-filter first so the length limit is enforced on the value that is actually stored.
	String nickname = StringUtil.filterXss(raw);
	if (nickname == null) {
		nickname = "";
	}
	if (nickname.isEmpty()) {
		result.setBaseVO(BaseVO.FAILURE, Language.show("user_updateNicknameNotNull"));
		return result;
	}
	if (nickname.length() > 15) {
		result.setBaseVO(BaseVO.FAILURE, Language.show("user_updateNicknameSizeFailure"));
		return result;
	}

	// Persist the change, then mirror it into the session-cached user so the UI stays in sync.
	// NOTE(review): findById is not null-guarded here (same as before); a stale session would NPE.
	User current = sqlDAO.findById(User.class, ShiroFunc.getUser().getId());
	current.setNickname(nickname);
	sqlDAO.save(current);
	ShiroFunc.getUser().setNickname(nickname);
	result.setInfo(nickname);
	return result;
}
 
Example 2
Source File: SystemSetAgencyController.java    From wangmarket with Apache License 2.0
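/**
 * Saves the notice text submitted by the current agency user.
 * The value is XSS-filtered before being stored. The agency_data row is loaded by the
 * current agency's id and created on the fly for installations older than 4.4 (the
 * feature, and therefore the row, did not exist before that version). After a successful
 * save the Shiro session cache is refreshed and an action-log entry is written.
 *
 * @param request the current HTTP request
 * @param value   the new notice text (required request parameter "value")
 * @return success(), or error(...) when the caller is not an agency
 */
@RequiresPermissions("agencyIndex")
@RequestMapping("saveNotice${url.suffix}")
@ResponseBody
public BaseVO saveNotice(HttpServletRequest request,
		@RequestParam(value = "value", required = true) String value){
	Agency agency = getMyAgency();
	if (agency == null) {
		return error("您不是代理,无权操作");
	}
	value = StringUtil.filterXss(value);

	// Look the row up by primary key instead of concatenating the id into a SQL string,
	// and reuse the already null-checked agency rather than calling getMyAgency() again.
	AgencyData agencyData = sqlService.findById(AgencyData.class, agency.getId());
	if (agencyData == null) {
		// Pre-4.4 installations have no agency_data row yet; create one for this agency.
		agencyData = new AgencyData();
		agencyData.setId(agency.getId());
	}
	agencyData.setNotice(value);
	sqlService.save(agencyData);

	// Refresh the session cache so the new notice is visible without re-login.
	com.xnx3.wangmarket.admin.Func.getUserBeanForShiroSession().setMyAgencyData(agencyData);

	// Record the operation in the action log.
	AliyunLog.addActionLog(agencyData.getId(), "代理更改公告");

	return success();
}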
 
Example 3
Source File: TemplateVO.java    From wangmarket with Apache License 2.0
/**
 * Reads the String value stored under {@code key} in {@code json} and returns it XSS-filtered.
 * A null JSON object or a missing key yields the empty string; the value is first normalized
 * through getJsonString and then passed to StringUtil.filterXss.
 *
 * @param json the JSON object to read from; may be null
 * @param key  the key to look up
 * @return the filtered value, or "" when absent
 */
public String getJsonStringAndFilterXSS(JSONObject json, String key){
	// Short-circuit keeps the null-json case from dereferencing json.
	boolean absent = json == null || json.get(key) == null;
	if (absent) {
		return "";
	}
	String rawValue = json.getString(key);
	String normalized = getJsonString(rawValue);
	return StringUtil.filterXss(normalized);
}
 
Example 4
Source File: SmsLogServiceImpl.java    From wangmarket with Apache License 2.0
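/**
 * Sends the SMS verification code used for phone-number login.
 * The "phone" form parameter is XSS-filtered, then {@link #sendSMS} creates the SmsLog entry
 * and generates the code (returned in baseVO.getInfo()). Only when that step reports SUCCESS
 * is the code sent through SMSUtil, using the localized template "sms_loginSendCodeText"
 * with its ${code} placeholder replaced by the generated code.
 *
 * @param request {@link HttpServletRequest}
 * 			<br/>form parameter required: phone (the number the code is sent to)
 * @return {@link BaseVO} - SUCCESS with a localized confirmation, or FAILURE carrying the
 *         reason (a sendSMS failure, or the SMS gateway's error text)
 */
public BaseVO sendPhoneLoginCode(HttpServletRequest request) {
	String phone = StringUtil.filterXss(request.getParameter("phone"));
	BaseVO baseVO = sendSMS(request, phone, SmsLog.TYPE_LOGIN);
	if (baseVO.getResult() - BaseVO.SUCCESS == 0) {
		// Literal replacement: replaceAll() would interpret '$' or '\' in the code as
		// regex replacement syntax and could throw or corrupt the message text.
		String code = String.valueOf(baseVO.getInfo());
		String text = Language.show("sms_loginSendCodeText").replace("${code}", code);
		// SMSUtil.send yields null on success, otherwise the gateway's error text.
		String result = SMSUtil.send(phone, text);
		if (result == null) {
			baseVO.setBaseVO(BaseVO.SUCCESS, Language.show("sms_codeSendYourPhoneSuccess"));
		} else {
			baseVO.setBaseVO(BaseVO.FAILURE, Language.show("sms_saveFailure") + "-" + result);
		}
	}
	return baseVO;
}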
 
Example 5
Source File: FormManagePluginController.java    From wangmarket with Apache License 2.0
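/**
 * Accepts a feedback-form submission (POST only).
 * Submissions are rate-limited per client IP via {@code frequencyMap}: a request arriving
 * before the IP's forbid-time is rejected and the IP's error counter is incremented. An
 * accepted request must carry a positive siteid; every other parameter except siteid and
 * title is XSS-filtered and serialized to a JSON array that is stored in FormData next to
 * the Form row, provided the serialized text does not exceed {@code textMaxLength}.
 *
 * @param request the current HTTP request; all parameters except siteid/title become form data
 * @param model   the Spring MVC model (not used in the body; kept for the mapping signature)
 * @param siteid  the site the feedback belongs to; must be greater than 0
 * @param title   the feedback title; XSS-filtered before storage
 * @return success(), or error(...) with a reason
 */
@RequestMapping(value="formAdd${url.suffix}", method = RequestMethod.POST)
@ResponseBody
public BaseVO formAdd(HttpServletRequest request, Model model,
		@RequestParam(value = "siteid", required = false , defaultValue="0") int siteid,
		@RequestParam(value = "title", required = false , defaultValue="") String title){
	String ip = IpUtil.getIpAddress(request);
	Frequency frequency = frequencyMap.get(ip);
	int currentTime = DateUtil.timeForUnix10();	// current 10-digit unix timestamp
	// First submission from this IP since the map was last cleared: start a fresh record.
	if (frequency == null) {
		frequency = new Frequency();
		frequency.setIp(ip);
	}

	// Still inside the cool-down window: count the attempt and refuse.
	if (frequency.getForbidtime() > currentTime) {
		frequency.setErrorNumber(frequency.getErrorNumber() + 1);
		frequencyMap.put(ip, frequency);	// in-memory only; cleared once a day
		return error("距离上次提交时间太短,等会再试试吧");
	}

	// Submission allowed: record it and open the next cool-down window.
	frequency.setLasttime(currentTime);
	frequency.setForbidtime(currentTime + FeedbackTimeInterval);
	frequencyMap.put(ip, frequency);	// in-memory only; cleared once a day

	title = StringUtil.filterXss(title);
	if (siteid <= 0) {
		return error("请传入您的站点id(siteid),不然,怎么知道此反馈表单是属于哪个网站的呢?");
	}

	// Build and size-check the body BEFORE persisting anything, so an oversized submission
	// does not leave an orphan Form row behind (previously the Form was saved first).
	String text = buildFormText(request.getParameterMap());
	if (text.length() > textMaxLength) {
		return error("信息太长,非法提交!");
	}

	Form form = new Form();
	form.setAddtime(DateUtil.timeForUnix10());
	form.setSiteid(siteid);
	form.setState(Form.STATE_UNREAD);
	form.setTitle(title);
	sqlService.save(form);
	// A missing or non-positive id means the insert did not happen.
	if (form.getId() == null || form.getId() <= 0) {
		return error("保存失败");
	}

	FormData formData = new FormData();
	formData.setId(form.getId());
	formData.setText(text);
	sqlService.save(formData);

	// Action-log entry.
	AliyunLog.addActionLog(form.getId(), "提交表单反馈", form.getTitle());

	return success();
}

/**
 * Serializes the raw request parameters (minus siteid and title) into the JSON text stored
 * in FormData: a JSON array of single-key objects, each mapping the XSS-filtered parameter
 * name to a JSON array of its XSS-filtered values.
 *
 * @param rawParams the servlet parameter map; copied, never modified
 * @return the JSON array rendered as a string
 */
private String buildFormText(Map<String, String[]> rawParams) {
	Map<String, String[]> params = new HashMap<>(rawParams);
	// siteid and title live on the Form row itself, not in the body.
	params.remove("siteid");
	params.remove("title");

	JSONArray jsonArray = new JSONArray();
	for (Map.Entry<String, String[]> entry : params.entrySet()) {
		JSONArray values = new JSONArray();
		for (String v : entry.getValue()) {
			values.add(StringUtil.filterXss(v));
		}
		JSONObject json = new JSONObject();
		// Parameter names are attacker-controlled too, so they are filtered as well.
		json.put(StringUtil.filterXss(entry.getKey()), values);
		jsonArray.add(json);
	}
	return jsonArray.toString();
}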
 
Example 6
Source File: SiteController.java    From wangmarket with Apache License 2.0
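/**
 * Changes the domain bound to the current site (POST only).
 * An empty bindDomain clears the binding (v3.0 behaviour). A non-empty value must consist
 * of hostname characters only (letters, digits, '.' and '-') and must not already be bound
 * to a site. The site row is saved, the domain servers are notified through an MQBean, the
 * Shiro session copy of the site is refreshed, site.js is regenerated and an action-log
 * entry is written.
 *
 * @param model      the Spring MVC model (not used in the body; kept for the mapping signature)
 * @param request    the current HTTP request
 * @param bindDomain the domain to bind, or "" to unbind; XSS-filtered before use
 * @return a BaseVO; FAILURE with a message when the domain is malformed or already bound
 */
@RequestMapping(value="updateBindDomain${url.suffix}", method = RequestMethod.POST)
@ResponseBody
public BaseVO updateBindDomain(Model model,HttpServletRequest request,
		@RequestParam(value = "bindDomain", required = false , defaultValue="") String bindDomain){
	BaseVO vo = new BaseVO();

	bindDomain = StringUtil.filterXss(bindDomain);

	// v3.0: an empty value means "unbind" and needs no further checks.
	if (bindDomain.length() > 0) {
		// filterXss does not neutralize SQL metacharacters, and bindDomain is interpolated
		// into the WHERE clause below, so restrict it to hostname characters first.
		if (!bindDomain.matches("[A-Za-z0-9.\\-]+")) {
			vo.setBaseVO(BaseVO.FAILURE, "域名格式不正确!");
			return vo;
		}
		// Refuse a domain that is already bound to some site.
		int scount = sqlService.count("site", "WHERE bind_domain = '"+bindDomain+"'");
		if (scount > 0) {
			vo.setBaseVO(BaseVO.FAILURE, "此域名已经被绑定过了!");
			return vo;
		}
	}

	// v2.1: the site id comes from the session, not from a request parameter.
	Site site = sqlService.findById(Site.class, getSiteId());
	String oldBindDomain = site.getBindDomain();
	site.setBindDomain(bindDomain);
	sqlService.save(site);

	// Notify the domain servers of the change.
	MQBean mqBean = new MQBean();
	mqBean.setType(MQBean.TYPE_BIND_DOMAIN);
	mqBean.setOldValue(oldBindDomain);
	mqBean.setSimpleSite(new SimpleSite(site));
	siteService.updateDomainServers(mqBean);

	// Refresh the session cache.
	Func.getUserBeanForShiroSession().setSite(site);

	// Regenerate site.js.
	new com.xnx3.wangmarket.admin.cache.Site().site(site,imService.getImByCache());

	AliyunLog.addActionLog(site.getId(), "修改站点绑定的域名为:"+site.getBindDomain());
	return vo;
}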
 
Example 7
Source File: LoginController.java    From wangmarket with Apache License 2.0
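/**
	 * Self-service sign-up: creates the user account, logs it in and creates its site.
	 * username, email, phone and code are passed through {@link #filter} (XSS + SQL
	 * filtering); the password is handed to userService.reg unchanged. Sign-up is refused
	 * when the global ALLOW_USER_REG setting is 0.
	 * <p>
	 * NOTE(review): the SMS code check (smsLogService.verifyPhoneAndCode) is commented out
	 * below, so the "code" parameter is read but never verified and any phone number is
	 * accepted; the "client" (site type) parameter is commented out as well and every site
	 * is created as Site.CLIENT_CMS.
	 * @param request  the current HTTP request
	 * @param username user name
	 * @param email    e-mail address, may be empty
	 * @param password password
	 * @param phone    phone number
	 * @param code     SMS verification code (currently not verified, see above)
	 * @return success() once the site is created; otherwise the BaseVO of the failing step
	 */
	@RequestMapping(value="userCreateSite${url.suffix}", method = RequestMethod.POST)
	@ResponseBody
	public BaseVO userCreateSite(HttpServletRequest request,
			@RequestParam(value = "username", required = false , defaultValue="") String username,
			@RequestParam(value = "email", required = false , defaultValue="") String email,
			@RequestParam(value = "password", required = false , defaultValue="") String password,
			@RequestParam(value = "phone", required = false , defaultValue="") String phone,
			@RequestParam(value = "code", required = false , defaultValue="") String code
//			@RequestParam(value = "clilent", required = false , defaultValue="3") Short client
			){
		if (Global.getInt("ALLOW_USER_REG") == 0) {
			return error("抱歉,当前禁止用户自行注册开通网站!");
		}
		// Consistency fix: username now goes through the same XSS + SQL filter as the other
		// fields instead of filterXss alone (it is persisted and echoed into the action log).
		username = filter(username);
		email = filter(email);
		phone = filter(phone);
		code = filter(code);

		// SMS code verification (disabled upstream; left as-is, see the note above).
//		BaseVO verifyVO = smsLogService.verifyPhoneAndCode(phone, code, SmsLog.TYPE_REG, 300);
//		if(verifyVO.getResult() - BaseVO.FAILURE == 0){
//			return verifyVO;
//		}

		// Register the user.
		User user = new User();
		user.setUsername(username);
		user.setPhone(phone);
		user.setEmail(email);
		user.setPassword(password);
		user.setOssSizeHave(G.REG_GENERAL_OSS_HAVE);
		BaseVO userVO = userService.reg(user, request);
		if (userVO.getResult() - BaseVO.FAILURE == 0) {
			return userVO;
		}

		// Log the new user in automatically; reg() reports the new user id in info.
		int userid = Lang.stringToInt(userVO.getInfo(), 0);
		if (userid == 0) {
			ActionLogCache.insert(request, "warn", "自助开通网站,自动创建账号出现问题。info:"+userVO.getInfo());
			return error("自动创建账号出现问题");
		}
		BaseVO loginVO = userService.loginByUserid(request,userid);
		if (loginVO.getResult() - BaseVO.FAILURE == 0) {
			return loginVO;
		}
		// Grant the user every template menu so it has the full management UI.
		UserBean userBean = new UserBean();
		Map<String, String> menuMap = new HashMap<>();
		for (TemplateMenuEnum menu : TemplateMenuEnum.values()) {
			menuMap.put(menu.id, "1");
		}
		userBean.setSiteMenuRole(menuMap);
		ShiroFunc.getCurrentActiveUser().setObj(userBean);

		// Create the site.
		Site site = new Site();
		site.setExpiretime(DateUtil.timeForUnix10() + 31622400);	// expires one year (366 days) from now
		site.setClient(Site.CLIENT_CMS);	// v4.11: new sites default to the CMS type
		site.setPhone(phone);
		site.setName("网站名字");
		SiteVO siteVO = siteService.saveSite(site, userid, request);
		boolean created = siteVO.getResult() - SiteVO.SUCCESS == 0;
		AliyunLog.addActionLog(userid, "自助创建网站提交保存",(created ? "成功":"失败")+",username:"+user.getUsername());
		if (created) {
			// Free tier: nothing further to do.
			return success();
		} else {
			return error(siteVO.getInfo());
		}
	}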
 
Example 8
Source File: BaseController.java    From wangmarket with Apache License 2.0
/**
 * Sanitizes untrusted input against both SQL injection and XSS: Sql.filter runs first and
 * StringUtil.filterXss is applied to its output.
 *
 * @param text the raw input text
 * @return the filtered string
 */
public String filter(String text){
	String sqlSafe = Sql.filter(text);
	return StringUtil.filterXss(sqlSafe);
}
 
Example 9
Source File: Safety.java    From wangmarket with Apache License 2.0
/**
 * Sanitizes user-supplied text against SQL injection and XSS, in that order: Sql.filter is
 * applied first and StringUtil.filterXss to its result. Intended for user input.
 *
 * @param text the string to filter
 * @return the filtered string
 */
public static String filter(String text){
	String withoutSql = Sql.filter(text);
	return StringUtil.filterXss(withoutSql);
}