platform / hp-smart / Commits / e47680ef
Commit e47680ef authored Mar 12, 2024 by wuwenlong
Prevent XSS injection & 4j version upgrade
parent 940cfd4d
Showing 4 changed files with 47 additions and 6 deletions
pom.xml +2 -2
src/main/java/com/baosight/hpjx/xss/XSSFilterConfig.java +22 -0
src/main/resources/META-INF/resources/iPlatV6-login.jsp +2 -2
src/main/webapp/index.jsp +21 -2
pom.xml
...
...
@@ -5,7 +5,7 @@
<parent>
<artifactId>
iplat4j-smart-boot-starter
</artifactId>
<groupId>
com.baosight.iplat4j
</groupId>
<version>
1.0.8
</version>
<version>
7.0.0
</version>
</parent>
<modelVersion>
4.0.0
</modelVersion>
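Review bot: The parent version moves from 1.0.8 to 7.0.0, a major-version jump, in the same commit as the XSS filter. Split the platform upgrade from the security fix so each can be tested and reverted on its own, and note in the commit message which behaviour changes of the new parent were checked.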
...
...
@@ -95,7 +95,7 @@
<dependency>
<groupId>
com.baosight.iplat4j
</groupId>
<artifactId>
redis-plugin
</artifactId>
<version>
1.0.8
</version>
<version>
7.0.0
</version>
</dependency>
<!-- <dependency>-->
<!-- <groupId>com.baosight.iplat4j</groupId>-->
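Review bot: The redis-plugin version is a second hard-coded copy of the parent version (both go from 1.0.8 to 7.0.0 here), so the two can drift apart on the next upgrade. Reference ${project.parent.version} for this dependency, or omit the version if the parent's dependency management already covers the artifact.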
...
...
src/main/java/com/baosight/hpjx/xss/XSSFilterConfig.java
0 → 100644
package
com
.
baosight
.
hpjx
.
xss
;
import
com.baosight.iplat4j.core.web.filter.GetXssFilter
;
import
org.springframework.boot.web.servlet.FilterRegistrationBean
;
import
org.springframework.context.annotation.Bean
;
import
org.springframework.context.annotation.Configuration
;
@Configuration
public
class
XSSFilterConfig
{
@Bean
GetXssFilter
xssFilter
()
{
GetXssFilter
xssFilter
=
new
GetXssFilter
();
return
xssFilter
;
}
@Bean
public
FilterRegistrationBean
xssFilterRegistrationBean
(
GetXssFilter
xssFilter
)
{
FilterRegistrationBean
registrationBean
=
new
FilterRegistrationBean
(
xssFilter
);
//
registrationBean
.
setOrder
(-
105
);
return
registrationBean
;
}
}
\ No newline at end of file
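Review bot: In xssFilterRegistrationBean the setOrder(-105) call is commented out, so the registration keeps Spring Boot's default order (lowest precedence) and GetXssFilter runs after every filter that declares an explicit order. If the filter is meant to sanitize input before other filters read it, set the order explicitly; otherwise delete the dead line. No URL patterns are set either, so add a comment that the default mapping of all requests is intended, and confirm that a filter named GetXssFilter also covers POST bodies and request headers, since index.jsp in this commit renders a header value.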
src/main/resources/META-INF/resources/iPlatV6-login.jsp
...
...
@@ -123,12 +123,12 @@
<link
rel=
"shortcut icon"
href=
"iplat.ico"
type=
"image/x-icon"
>
<link
rel=
"stylesheet"
id=
"css-main"
href=
"${iPlatStaticURL}/iplatui/assets/css/iplat.ui.bootstrap.min.css"
>
<link
href=
"${iPlatStaticURL}/iPlatV
6
-login.css"
rel=
"stylesheet"
type=
"text/css"
/>
<link
href=
"${iPlatStaticURL}/iPlatV
7
-login.css"
rel=
"stylesheet"
type=
"text/css"
/>
<
%
--
<
link
rel=
"stylesheet"
type=
"text/css"
href=
"${iPlatStaticURL}/iplatui/css/iplat.ui.ued.login.css"
>
<
%
–
ued亮色样式
–
%
>
--%>
<script
src=
"${iPlatStaticURL}/kendoui/js/jquery.min.js"
></script>
<!--[if lte IE 8]>
<link href="${iPlatStaticURL}/iPlatV
6
-login-ie.css" rel="stylesheet" type="text/css"/>
<link href="${iPlatStaticURL}/iPlatV
7
-login-ie.css" rel="stylesheet" type="text/css"/>
<script src="${iPlatStaticURL}/iplatui/assets/js/polyfills/iplat.ui.ie8.polyfills.min.js"></script>
<![endif]-->
...
...
src/main/webapp/index.jsp
...
...
@@ -14,7 +14,7 @@
<
%
final
Logger
logger =
LoggerFactory.getLogger("index");
//门户插件跳转逻辑
String
loginName =
UserSession.getLoginName();
String
loginName =
UserSession.getLoginName()
==null?
"
admin
"
:UserSession
.
getLoginName
()
;
String
userId =
UserSession.getUserUuid();
String
url =
""
;
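Review bot: The new loginName line substitutes the literal "admin" when UserSession.getLoginName() returns null, so a request with no logged-in user is labelled with the admin account name, and that value is later written to sessionStorage. Treat null as unauthenticated (redirect to the login page or leave the name empty) instead of defaulting to a privileged name, and call the getter once into a local variable.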
...
...
@@ -51,17 +51,33 @@
HttpSession
currentSession =
request.getSession();
String
sessionTimeout=
PlatApplicationContext.getProperty("iplat4j.ui.sessionTimeout");
if
(!
sessionTimeout
.
isEmpty
()){
if
(
-1=
=Integer.valueOf(sessionTimeout)){
currentSession
.
setMaxInactiveInterval
(
-1
);
}
else
{
Integer
sessionTimeoutNumber =
Integer.valueOf(sessionTimeout)*60;
currentSession
.
setMaxInactiveInterval
(
sessionTimeoutNumber
);
}
//
获取会话的最大非活动间隔时间(单位为秒)
int
maxInactiveInterval =
currentSession.getMaxInactiveInterval();
int
maxInactiveIntervalMinutes =
maxInactiveInterval
/
60
;
logger
.
info
("获取会话的最大非活动间隔时间(单位为秒)!"+
maxInactiveInterval
);
}
String
ip=
""
;
if
(
request
.
getHeader
("
x-forwarded-for
")
==
null
)
{
ip=
request.getRemoteAddr();
}
else
{
ip=
request.getHeader("x-forwarded-for");
}
%
>
<c:set
var=
"url"
value=
"<%=url%>"
/>
<c:set
var=
"frameOpenWeb"
value=
"<%=frameOpenWeb%>"
/>
<c:set
var=
"frameOpenCname"
value=
"<%=frameOpenCname%>"
/>
<c:set
var=
"ip"
value=
"<%=ip%>"
/>
<html
lang=
"zh"
>
<head>
<meta
http-equiv=
"X-UA-Compatible"
content=
"IE=edge"
/>
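Review bot: The ip value is copied verbatim from the x-forwarded-for request header, which the client controls unless a trusted proxy overwrites it, and which may hold a comma-separated list rather than one address. Honour the header only when the request arrives from a known proxy, keep a single value that parses as an IPv4/IPv6 address, and fall back to request.getRemoteAddr() otherwise. In the same hunk, sessionTimeout.isEmpty() throws a NullPointerException if the iplat4j.ui.sessionTimeout lookup returns null, Integer.valueOf is unguarded against non-numeric values, and maxInactiveIntervalMinutes is computed but not used in the visible lines.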
...
...
@@ -81,9 +97,12 @@
console
.
log
(
"redirect to "
+
url
);
var
userId
=
'<%=userId%>'
;
var
loginName
=
'<%=loginName%>'
;
let
ip
=
"${ip}"
;
sessionStorage
.
setItem
(
"userId"
,
userId
);
sessionStorage
.
setItem
(
"loginName"
,
loginName
);
sessionStorage
.
setItem
(
"ip"
,
ip
);
if
(
url
!=
null
&&
url
!=
""
)
{
window
.
location
.
href
=
'${ctx}/web/'
+
url
;
sessionStorage
.
removeItem
(
"frameOpenWeb"
);
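Review bot: let ip = "${ip}"; writes the header-derived value into a JavaScript string literal with no output encoding, so a commit meant to prevent XSS adds a script-injection sink fed by x-forwarded-for. Emit the value only after server-side validation as an IP address and with JavaScript-context encoding, or drop it from the page; the neighbouring '<%=userId%>' and '<%=loginName%>' literals need the same encoding. Values kept in sessionStorage are editable by the user, so nothing on the server side should trust them.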
...
...
@@ -97,7 +116,7 @@
sessionStorage
.
removeItem
(
"frameOpenCname"
);
}
window
.
location
.
href
=
'${ctx}/iPlatV
6
-index.jsp'
;
window
.
location
.
href
=
'${ctx}/iPlatV
7
-index.jsp'
;
}
</script>
...
...