update 优化 xss包装器 Parameter 处理 兼容某些容器不允许改参数的情况

ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java

@@ -1,19 +1,22 @@
 package org.dromara.common.web.filter;
 
 import cn.hutool.core.io.IoUtil;
+import cn.hutool.core.map.MapUtil;
+import cn.hutool.core.util.ArrayUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.http.HtmlUtil;
-import org.dromara.common.core.utils.StringUtils;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.MediaType;
-
 import jakarta.servlet.ReadListener;
 import jakarta.servlet.ServletInputStream;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletRequestWrapper;
+import org.dromara.common.core.utils.StringUtils;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+import java.util.HashMap;
 import java.util.Map;
 
 /**
@@ -32,16 +35,22 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
     @Override
     public String getParameter(String name) {
         String value = super.getParameter(name);
-        if (value != null) {
-            return HtmlUtil.cleanHtmlTag(value).trim();
+        if (value == null) {
+            return null;
         }
-        return value;
+        return HtmlUtil.cleanHtmlTag(value).trim();
     }
 
     @Override
     public Map<String, String[]> getParameterMap() {
         Map<String, String[]> valueMap = super.getParameterMap();
-        for (Map.Entry<String, String[]> entry : valueMap.entrySet()) {
+        if (MapUtil.isEmpty(valueMap)) {
+            return valueMap;
+        }
+        // 避免某些容器不允许改参数的情况 copy一份重新改
+        Map<String, String[]> map = new HashMap<>(valueMap.size());
+        map.putAll(valueMap);
+        for (Map.Entry<String, String[]> entry : map.entrySet()) {
             String[] values = entry.getValue();
             if (values != null) {
                 int length = values.length;
@@ -50,25 +59,25 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
                     // 防xss攻击和过滤前后空格
                     escapseValues[i] = HtmlUtil.cleanHtmlTag(values[i]).trim();
                 }
-                valueMap.put(entry.getKey(), escapseValues);
+                map.put(entry.getKey(), escapseValues);
             }
         }
-        return valueMap;
+        return map;
     }
 
     @Override
     public String[] getParameterValues(String name) {
         String[] values = super.getParameterValues(name);
-        if (values != null) {
-            int length = values.length;
-            String[] escapseValues = new String[length];
-            for (int i = 0; i < length; i++) {
-                // 防xss攻击和过滤前后空格
-                escapseValues[i] = HtmlUtil.cleanHtmlTag(values[i]).trim();
-            }
-            return escapseValues;
+        if (ArrayUtil.isEmpty(values)) {
+            return values;
         }
-        return values;
+        int length = values.length;
+        String[] escapseValues = new String[length];
+        for (int i = 0; i < length; i++) {
+            // 防xss攻击和过滤前后空格
+            escapseValues[i] = HtmlUtil.cleanHtmlTag(values[i]).trim();
+        }
+        return escapseValues;
     }
 
     @Override