purovps/jshERP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

优化过滤的代码,修复漏洞

Browse Source
This commit is contained in:
jishenghua
2025-08-07 16:42:52 +08:00
parent c2a26be65c
commit a32d453d07
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
jshERP-boot/src/main/java/com/jsh/erp/filter/LogCostFilter.java
View File

@@ -38,7 +38,7 @@ public class LogCostFilter implements Filter {
HttpServletRequest servletRequest = (HttpServletRequest) request; HttpServletRequest servletRequest = (HttpServletRequest) request;
HttpServletResponse servletResponse = (HttpServletResponse) response; HttpServletResponse servletResponse = (HttpServletResponse) response;
String requestUrl = servletRequest.getRequestURI(); String requestUrl = servletRequest.getRequestURI();
if(requestUrl.contains("../") || requestUrl.contains("..;/")) { if(requestUrl.contains("../") || requestUrl.contains("..;/") || requestUrl.contains("%2e")) {
servletResponse.setStatus(500); servletResponse.setStatus(500);
servletResponse.getWriter().write("loginOut"); servletResponse.getWriter().write("loginOut");
return; return;