Merge branch 'master' of https://gitee.com/y_project/RuoYi-Cloud

2025-09-06 04:18:07 +00:00 · 2021-11-17 19:43:12 +08:00
parent b106ae0e4f 173c0e384f
commit 0036a2a60c
23 changed files with 88 additions and 67 deletions
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/Constants.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/Constants.java
@@ -112,4 +112,10 @@ public class Constants
     * 资源映射路径 前缀
     */
    public static final String RESOURCE_PREFIX = "/profile";
+
+    /**
+     * 定时任务违规的字符
+     */
+    public static final String[] JOB_ERROR_STR = { "java.net.URL", "javax.naming.InitialContext", "org.yaml.snakeyaml",
+            "org.springframework.jndi" };
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/html/EscapeUtil.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/html/EscapeUtil.java
@@ -69,26 +69,37 @@ public class EscapeUtil
     */
    private static String encode(String text)
    {
-        int len;
-        if ((text == null) || ((len = text.length()) == 0))
+        if (StringUtils.isEmpty(text))
        {
            return StringUtils.EMPTY;
        }
-        StringBuilder buffer = new StringBuilder(len + (len >> 2));
+
+        final StringBuilder tmp = new StringBuilder(text.length() * 6);
        char c;
-        for (int i = 0; i < len; i++)
+        for (int i = 0; i < text.length(); i++)
        {
            c = text.charAt(i);
-            if (c < 64)
+            if (c < 256)
            {
-                buffer.append(TEXT[c]);
+                tmp.append("%");
+                if (c < 16)
+                {
+                    tmp.append("0");
+                }
+                tmp.append(Integer.toString(c, 16));
            }
            else
            {
-                buffer.append(c);
+                tmp.append("%u");
+                if (c <= 0xfff)
+                {
+                    // issue#I49JU8@Gitee
+                    tmp.append("0");
+                }
+                tmp.append(Integer.toString(c, 16));
            }
        }
-        return buffer.toString();
+        return tmp.toString();
    }

    /**
@@ -145,11 +156,12 @@ public class EscapeUtil
    public static void main(String[] args)
    {
        String html = "<script>alert(1);</script>";
+        String escape = EscapeUtil.escape(html);
        // String html = "<scr<script>ipt>alert(\"XSS\")</scr<script>ipt>";
        // String html = "<123";
        // String html = "123>";
-        System.out.println(EscapeUtil.clean(html));
-        System.out.println(EscapeUtil.escape(html));
-        System.out.println(EscapeUtil.unescape(html));
+        System.out.println("clean: " + EscapeUtil.clean(html));
+        System.out.println("escape: " + escape);
+        System.out.println("unescape: " + EscapeUtil.unescape(escape));
    }
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/poi/ExcelUtil.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/poi/ExcelUtil.java
@@ -2,7 +2,6 @@ package com.ruoyi.common.core.utils.poi;

 import java.io.IOException;
 import java.io.InputStream;
-import java.io.OutputStream;
 import java.lang.reflect.Field;
 import java.lang.reflect.Method;
 import java.math.BigDecimal;
@@ -357,7 +356,7 @@ public class ExcelUtil<T>
     * @return 结果
     * @throws IOException
     */
-    public void exportExcel(HttpServletResponse response, List<T> list, String sheetName)throws IOException
+    public void exportExcel(HttpServletResponse response, List<T> list, String sheetName)
    {
        exportExcel(response, list, sheetName, StringUtils.EMPTY);
    }
@@ -372,12 +371,12 @@ public class ExcelUtil<T>
     * @return 结果
     * @throws IOException
     */
-    public void exportExcel(HttpServletResponse response, List<T> list, String sheetName, String title) throws IOException
+    public void exportExcel(HttpServletResponse response, List<T> list, String sheetName, String title)
    {
        response.setContentType("application/vnd.openxmlformats-officedocument.spreadsheetml.sheet");
        response.setCharacterEncoding("utf-8");
        this.init(list, sheetName, title, Type.EXPORT);
-        exportExcel(response.getOutputStream());
+        exportExcel(response);
    }

    /**
@@ -392,7 +391,7 @@ public class ExcelUtil<T>
     * @param sheetName 工作表的名称
     * @return 结果
     */
-    public void importTemplateExcel(HttpServletResponse response, String sheetName) throws IOException
+    public void importTemplateExcel(HttpServletResponse response, String sheetName)
    {
        importTemplateExcel(response, sheetName, StringUtils.EMPTY);
    }
@@ -404,12 +403,12 @@ public class ExcelUtil<T>
     * @param title 标题
     * @return 结果
     */
-    public void importTemplateExcel(HttpServletResponse response, String sheetName, String title) throws IOException
+    public void importTemplateExcel(HttpServletResponse response, String sheetName, String title)
    {
        response.setContentType("application/vnd.openxmlformats-officedocument.spreadsheetml.sheet");
        response.setCharacterEncoding("utf-8");
        this.init(null, sheetName, title, Type.IMPORT);
-        exportExcel(response.getOutputStream());
+        exportExcel(response);
    }

    /**
@@ -417,12 +416,12 @@ public class ExcelUtil<T>
     * 
     * @return 结果
     */
-    public void exportExcel(OutputStream out)
+    public void exportExcel(HttpServletResponse response)
    {
        try
        {
            writeSheet();
-            wb.write(out);
+            wb.write(response.getOutputStream());
        }
        catch (Exception e)
        {
@@ -431,7 +430,6 @@ public class ExcelUtil<T>
        finally
        {
            IOUtils.closeQuietly(wb);
-            IOUtils.closeQuietly(out);
        }
    }