From 586c80d902df56324646af38e069113a2720f3ad Mon Sep 17 00:00:00 2001
From: yaoq
Date: Wed, 20 Jul 2022 16:03:29 +0800
Subject: [PATCH] =?UTF-8?q?Xss=20=E8=BF=87=E6=BB=A4=E5=99=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 smtweb-framework/bpm/src/main/resources/config/application.yaml | 2 +-
 .../cc/smtweb/framework/core/mvc/filter/XssSecurityConfig.java | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/smtweb-framework/bpm/src/main/resources/config/application.yaml b/smtweb-framework/bpm/src/main/resources/config/application.yaml
index ede1cda..faec76f 100644
--- a/smtweb-framework/bpm/src/main/resources/config/application.yaml
+++ b/smtweb-framework/bpm/src/main/resources/config/application.yaml
@@ -27,7 +27,7 @@ spring:
 password:
 datasource:
 driver-class-name: com.mysql.cj.jdbc.Driver
- url: jdbc:mysql://127.0.0.1:3306/smt_asp?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
+ url: jdbc:mysql://127.0.0.1:3306/gdmz?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
 username: root
 password: root
 servlet:
diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/filter/XssSecurityConfig.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/filter/XssSecurityConfig.java
index 0250874..96055e2 100644
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/filter/XssSecurityConfig.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/filter/XssSecurityConfig.java
@@ -59,6 +59,9 @@ public class XssSecurityConfig implements InitializingBean {
 @Override
 public void afterPropertiesSet() throws Exception {
+ if (regex == null || regex.size() == 0) {
+ return;
+ }
 StringBuffer tempStr = new StringBuffer("^");
 regex.forEach(k -> {
 tempStr.append(k);
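Review bot: The added `url:` line in application.yaml commits what looks like a developer-local database name (`gdmz`) under a commit whose subject is about the XSS filter, and it keeps `allowMultiQueries=true` and `useSSL=false` next to the `root`/`root` credentials visible in the context lines. `allowMultiQueries=true` allows several statements in one query string, which widens the impact of any SQL injection elsewhere in the application, and `useSSL=false` leaves credentials and data unencrypted should the host ever stop being 127.0.0.1. Consider keeping connection settings out of the tracked file, e.g. `url: ${DB_URL}` (with `DB_URL` as a placeholder name for an environment-supplied value), and dropping `allowMultiQueries` unless a mapper really needs it.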
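Review bot: The early return added at the top of `afterPropertiesSet()` makes the filter fail open with no signal: when `regex` is null or empty the pattern is never built, and the guards added in the `securityReplace` and `matches` hunks then return the input untouched and `false`, so a missing or misspelled configuration key silently switches XSS filtering off. Emit a startup warning before the `return;`, e.g. `log.warn("XSS filter disabled: no regex rules configured");` using whichever logger the class already has, or require an explicit opt-out setting rather than treating an empty list as "disabled". The check itself reads better as `regex == null || regex.isEmpty()`, and the same applies to `regex.size() > 0` in `initSuccess()`. The method body continues past the end of this hunk.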
@@ -88,6 +91,7 @@ public class XssSecurityConfig implements InitializingBean {
 * @return
 */
 public String securityReplace(String text) {
+ if (!initSuccess()) return text;
 if (StringUtils.isEmpty(text)) {
 return text;
 } else {
@@ -102,11 +106,16 @@ public class XssSecurityConfig implements InitializingBean {
 * @return
 */
 public boolean matches(String text) {
+ if (!initSuccess()) return false;
 if (StringUtils.isEmpty(text)) {
 return false;
 }
 return XSS_PATTERN.matcher(text).matches();
 }
+
+ private boolean initSuccess() {
+ return regex != null && regex.size() > 0;
+ }
 }
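Review bot: The Javadoc above `securityReplace` (its `@return` tag is empty in the visible lines) says nothing about the new pass-through case, so callers cannot tell that the text may come back unfiltered; something like `@return the filtered text, or the input unchanged when no XSS rules are configured` would document it. The guard is also an unbraced one-line `if` sitting directly above a braced `if`/`else`; to match the surrounding style it would be `if (!initSuccess()) {` / `return text;` / `}`. Both points apply equally to the guard added in `matches`. The Javadoc starts and the method body ends outside this hunk.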
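Review bot: `initSuccess()` re-checks the `regex` configuration list rather than the state its callers actually depend on, which is `XSS_PATTERN` having been compiled. If `regex` is non-empty but the pattern was never assigned (its declaration and assignment are outside the hunk, so this is inferred), `XSS_PATTERN.matcher(text)` in `matches` would still throw a NullPointerException despite the guard. Checking the pattern directly, `return XSS_PATTERN != null;`, ties the guard to what is used, assuming `securityReplace` relies on no other pattern field. A short comment on the helper, such as `// true once at least one XSS rule is configured`, would also explain why a method named "init" inspects configuration.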