fg_v2.0.git - Gitblit

			@@ -52,12 +52,15 @@
			//这个里面是允许*的,可以放过
			if (
			(requestURI.contains("user/") && c == '*' && (request.getMethod().toUpperCase(Locale.ENGLISH).equals(RequestMethod.POST.name()) \|\| request.getMethod().toUpperCase(Locale.ENGLISH).equals(RequestMethod.PUT.name())))
			\|\| (requestURI.contains("/EchartPictureDowload/exportExcel") && c == '/' && (request.getMethod().toUpperCase(Locale.ENGLISH).equals(RequestMethod.POST.name()) \|\| request.getMethod().toUpperCase(Locale.ENGLISH).equals(RequestMethod.PUT.name())))

			) {
			continue;
			} else if ((requestURI.contains(".servlet") \|\| requestURI.contains("menu/menuList")) && c == '/') {
			continue;
			}
			response.setStatus(403);
			response.setContentType("text/html;charset=utf-8");
			response.getWriter().write("非法请求,不允许包含特殊字符");
			return;
			}
			@@ -79,7 +82,8 @@
			if (index != -1) {
			//这个里面是允许*的,可以放过
			if (
			(requestURI.contains("user/") && c == '*' && (request.getMethod().toUpperCase(Locale.ENGLISH).equals(RequestMethod.POST.name()) \|\| request.getMethod().toUpperCase(Locale.ENGLISH).equals(RequestMethod.PUT.name())))
			(requestURI.contains("/user") && (c == '*' \|\| c =='/' ) && (request.getMethod().toUpperCase(Locale.ENGLISH).equals(RequestMethod.POST.name()) \|\| request.getMethod().toUpperCase(Locale.ENGLISH).equals(RequestMethod.PUT.name())))
			\|\| (requestURI.contains("/EchartPictureDowload/exportExcel") && c == '/' && (request.getMethod().toUpperCase(Locale.ENGLISH).equals(RequestMethod.POST.name()) \|\| request.getMethod().toUpperCase(Locale.ENGLISH).equals(RequestMethod.PUT.name())))

			) {
			continue;
			@@ -89,6 +93,7 @@

			//paramValue = paramValue.replace(String.valueOf(LDAP_FILTER_ESCAPE_SEQUENCE[charIndex]), LDAP_FILTER_ESCAPE_SEQUENCE_CHARACTER[charIndex]);
			response.setStatus(403);
			response.setContentType("text/html;charset=utf-8");
			response.getWriter().write("非法请求,不允许包含特殊字符");
			return;
			}