From a21547c07990184ab1ce06e3ec3859b78c54798f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=A8=80=E6=9B=8C?= <847064370@qq.com>
Date: Wed, 27 Apr 2022 15:55:09 +0800
Subject: [PATCH 1/4] Update README.md
---
README.md | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/README.md b/README.md
index a7eaa732..de37e93c 100755
--- a/README.md
+++ b/README.md
@@ -1,3 +1,8 @@
+## 博主开发的其他博客或论坛项目全部在这里
+**[https://liuyanzhao.com/shop.html?k=博客](https://liuyanzhao.com/shop.html?k=博客)**
+**[https://liuyanzhao.com/shop.html?k=论坛](https://liuyanzhao.com/shop.html?k=论坛)**
+- -------------------------------------------------------------------------------
+
2022 最新消息 SpringBoot轻量级推荐博客 [https://github.com/saysky/recommendedblog](https://github.com/saysky/recommendedblog)
最新消息,SpringBoot博客已经开源,[SENS](https://github.com/saysky/SENS)
最新消息 SpringBoot/SSM/Duubo多个版本 [初云博客-SpringBoot版本](https://github.com/saysky/ChuyunBlog)
From 43ca2d44a3ecce90bc84a47209f0b3f579e09f88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=A8=80=E6=9B=8C?= <847064370@qq.com>
Date: Tue, 17 May 2022 20:58:05 +0800
Subject: [PATCH 2/4] Update README.md
---
README.md | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index de37e93c..e4ceafd7 100755
--- a/README.md
+++ b/README.md
@@ -2,13 +2,22 @@
**[https://liuyanzhao.com/shop.html?k=博客](https://liuyanzhao.com/shop.html?k=博客)**
**[https://liuyanzhao.com/shop.html?k=论坛](https://liuyanzhao.com/shop.html?k=论坛)**
- -------------------------------------------------------------------------------
+博主提供风吟博客二次开发功能
+目前已完成但不限于以下功能(需要相关源码可以联系博主)
+- 风吟博客+协同过滤推荐功能 2022年5月
+- 风吟博客+websocket私信聊天功能 2022年4月
+- 风吟博客+ElasticSearch文章搜索高亮功能 2022年3月
+- 风吟博客改造成其他博客、论坛、知识分享平台 不计其数
+
+- ----------------------------------
+
2022 最新消息 SpringBoot轻量级推荐博客 [https://github.com/saysky/recommendedblog](https://github.com/saysky/recommendedblog)
最新消息,SpringBoot博客已经开源,[SENS](https://github.com/saysky/SENS)
最新消息 SpringBoot/SSM/Duubo多个版本 [初云博客-SpringBoot版本](https://github.com/saysky/ChuyunBlog)
[更多项目、博主付费商品](https://liuyanzhao.com/shop.html)
-
+- ------------------------------------------------------------
# 关于项目
该博客是基于SSM实现的个人博客系统,适合初学SSM和个人博客制作的同学学习。
最新版本支持用户注册,包含用户和管理员两个角色 。
From aa99908befd4abe17e623526ec5170ccbefdf298 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=A8=80=E6=9B=8C?= <847064370@qq.com>
Date: Thu, 30 Jun 2022 10:48:02 +0800
Subject: [PATCH 3/4] Update README.md
---
README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index e4ceafd7..34f7ac9b 100755
--- a/README.md
+++ b/README.md
@@ -1,3 +1,4 @@
+最新消息,博主已开通B站账号:[Java刘哥](https://space.bilibili.com/160340478),欢迎关注,分享自己原创免费Java实战课程、各种框架实战和技巧、以及公司项目经验
## 博主开发的其他博客或论坛项目全部在这里
**[https://liuyanzhao.com/shop.html?k=博客](https://liuyanzhao.com/shop.html?k=博客)**
**[https://liuyanzhao.com/shop.html?k=论坛](https://liuyanzhao.com/shop.html?k=论坛)**
From 2b19cdae93cd9cffc56b713c8303ae811bf867f3 Mon Sep 17 00:00:00 2001
From: machen <2921029282@qq.com>
Date: Fri, 9 Jun 2023 15:34:38 +0800
Subject: [PATCH 4/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8Dxss=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../liuyanzhao/ssm/blog/Filter/XssFilter.java | 25 +++++++++
.../Filter/XssHttpServletRequestWrapper.java | 56 +++++++++++++++++++
ForestBlog/src/main/webapp/WEB-INF/web.xml | 8 +++
3 files changed, 89 insertions(+)
create mode 100644 ForestBlog/src/main/java/com/liuyanzhao/ssm/blog/Filter/XssFilter.java
create mode 100644 ForestBlog/src/main/java/com/liuyanzhao/ssm/blog/Filter/XssHttpServletRequestWrapper.java
diff --git a/ForestBlog/src/main/java/com/liuyanzhao/ssm/blog/Filter/XssFilter.java b/ForestBlog/src/main/java/com/liuyanzhao/ssm/blog/Filter/XssFilter.java
new file mode 100644
index 00000000..c930f47b
--- /dev/null
+++ b/ForestBlog/src/main/java/com/liuyanzhao/ssm/blog/Filter/XssFilter.java
@@ -0,0 +1,25 @@
+package com.liuyanzhao.ssm.blog.Filter;
+
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+
+public class XssFilter implements Filter {
+ @Override
+ public void destroy() {
+ }
+ /**
+ * 过滤器用来过滤的方法
+ */
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+ //包装request
+ XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest) request);
+ chain.doFilter(xssRequest, response);
+ }
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ }
+
+}
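Review bot: `doFilter` casts `request` to `HttpServletRequest` unconditionally, so a request of any other type would fail with a ClassCastException inside the filter instead of being passed down the chain; guard it before the wrap with `if (!(request instanceof HttpServletRequest)) { chain.doFilter(request, response); return; }`. The package is named `Filter` with a capital letter, which departs from Java's lowercase package convention and reads confusingly next to `javax.servlet.Filter`; `filter` would be the conventional name. The wrapper this filter installs overrides only the parameter accessors, so a `/*` mapping does not by itself rewrite headers, cookies or the request body — worth stating in a class comment so the coverage is not overestimated, e.g. `/** Wraps HTTP requests so that values read via getParameter/getParameterValues pass through XssHttpServletRequestWrapper; headers, cookies and the body are not rewritten. */`.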
diff --git a/ForestBlog/src/main/java/com/liuyanzhao/ssm/blog/Filter/XssHttpServletRequestWrapper.java b/ForestBlog/src/main/java/com/liuyanzhao/ssm/blog/Filter/XssHttpServletRequestWrapper.java
new file mode 100644
index 00000000..b325c22d
--- /dev/null
+++ b/ForestBlog/src/main/java/com/liuyanzhao/ssm/blog/Filter/XssHttpServletRequestWrapper.java
@@ -0,0 +1,56 @@
+package com.liuyanzhao.ssm.blog.Filter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import java.util.Map;
+
+public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
+ HttpServletRequest orgRequest = null;
+
+ public XssHttpServletRequestWrapper(HttpServletRequest request) {
+ super(request);
+ }
+ /**
+ * 覆盖getParameter方法,将参数名和参数值都做xss过滤。
+ * 如果需要获得原始的值,则通过super.getParameterValues(name)来获取
+ * getParameterNames,getParameterValues和getParameterMap也可能需要覆盖
+ */
+ @Override
+ public String getParameter(String name) {
+ String value = super.getParameter(xssEncode(name));
+ if (value != null) {
+ value = xssEncode(value);
+ }
+ return value;
+ }
+ @Override
+ public String[] getParameterValues(String name) {
+ String[] value = super.getParameterValues(name);
+ if(value != null){
+ for (int i = 0; i < value.length; i++) {
+ value[i] = xssEncode(value[i]);
+ }
+ }
+ return value;
+ }
+ @Override
+ public Map getParameterMap() {
+ return super.getParameterMap();
+ }
+ /**
+ * 将容易引起xss漏洞的半角字符直接替换成全角字符 在保证不删除数据的情况下保存
+ * @return 过滤后的值
+ */
+ private static String xssEncode(String value) {
+ if (value == null || value.isEmpty()) {
+ return value;
+ }
+ value = value.replaceAll("eval\\((.*)\\)", "");
+ value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
+ value = value.replaceAll("(?i).*?", "");
+ value = value.replaceAll("(?i).*?", "");
+ value = value.replaceAll("(?i)<.*?javascript:.*?>.*?", "");
+ value = value.replaceAll("(?i)<.*?\\s+on.*?>.*?", "");
+ return value;
+ }
+}
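Review bot: `getParameterMap()` returns the wrapped request's map untouched, so any consumer that reads parameters through the map (framework data binding commonly does) receives the raw values and bypasses the encoding applied in `getParameter` and `getParameterValues`; the class comment already flags this gap. The override below builds an encoded copy (with `java.util.LinkedHashMap` added to the imports) and declares the return as `Map<String, String[]>` instead of the raw `Map`; `getParameterValues` should likewise write into a fresh array rather than mutating the one `super` hands back, because if the container returns its internal array the raw values the comment says remain reachable via `super` are overwritten as well. The case-insensitive flag is applied only from the third pattern on, so the `eval(` and `javascript:` patterns are case-sensitive, and the two patterns that read `(?i).*?` here match only the empty string and remove nothing — the tag text may have been lost in rendering, so check the committed source. Rewriting request parameters is a defence-in-depth layer only; the controlling fix for XSS is context-aware output encoding in the views, since a pattern blocklist can be evaded and this one also silently alters legitimate input such as text containing `eval(`.
```java
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> raw = super.getParameterMap();
        Map<String, String[]> filtered = new LinkedHashMap<>();
        for (Map.Entry<String, String[]> entry : raw.entrySet()) {
            String[] values = entry.getValue();
            String[] encoded = null;
            if (values != null) {
                // copy rather than mutate: the container may hand out its own array
                encoded = new String[values.length];
                for (int i = 0; i < values.length; i++) {
                    encoded[i] = xssEncode(values[i]);
                }
            }
            filtered.put(entry.getKey(), encoded);
        }
        return filtered;
    }
    // … unchanged: xssEncode …
```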
diff --git a/ForestBlog/src/main/webapp/WEB-INF/web.xml b/ForestBlog/src/main/webapp/WEB-INF/web.xml
index 069ed93a..c82b7d4b 100755
--- a/ForestBlog/src/main/webapp/WEB-INF/web.xml
+++ b/ForestBlog/src/main/webapp/WEB-INF/web.xml
@@ -117,5 +117,13 @@
+
+ XssFilter
+ com.liuyanzhao.ssm.blog.Filter.XssFilter
+
+
+ XssFilter
+ /*
+