Bladeren bron

修复XSS漏洞

娄底高职分支
dao 1 week geleden
bovenliggende
commit
4308a80078
2 gewijzigde bestanden met toevoegingen van 13 en 1 verwijderingen
  1. +3
    -1
      Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_PortalSite/Controllers/ArticleController.cs
  2. +10
    -0
      Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/String/StringHelper.cs

+ 3
- 1
Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_PortalSite/Controllers/ArticleController.cs Bestand weergeven

@@ -137,7 +137,9 @@ namespace Learun.Application.Web.Areas.LR_PortalSite.Controllers
[HttpPost]
public ActionResult UploadFile(string keyValue, ArticleEntity entity)
{
entity.F_Content = entity.F_Content.Replace("script","");
entity.F_Title= StringHelper.DelXss(entity.F_Title);
entity.F_Content=StringHelper.DelXss(entity.F_Content);
//entity.F_Content = entity.F_Content.Replace("script","");
HttpFileCollection files = System.Web.HttpContext.Current.Request.Files;
//没有文件上传,直接返回
if (files[0].ContentLength == 0 || string.IsNullOrEmpty(files[0].FileName))


+ 10
- 0
Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/String/StringHelper.cs Bestand weergeven

@@ -19,5 +19,15 @@
}
return str;
}

public static string DelXss(string str)
{
if (string.IsNullOrEmpty(str))
return string.Empty;
str = str.Replace("<", "$lt;");
str = str.Replace(">", "$gt;");

return str;
}
}
}

Laden…
Annuleren
Opslaan