package kernel.web;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.lang.StringEscapeUtils;
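/**
 * Request wrapper that escapes parameter values before the application reads them.
 *
 * <p>Every filtered value is passed through {@code StringEscapeUtils.escapeSql},
 * {@code escapeHtml} and {@code escapeJavaScript}, in that order.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Only {@link #getParameter(String)} and {@link #getParameterValues(String)} are
 *       overridden. Values read through {@code getParameterMap()}, headers, cookies, the
 *       query string or the request body are not touched by this class.</li>
 *   <li>Blanket input escaping is not context-aware and does not replace parameterized
 *       queries or output encoding at the point of use. In commons-lang 2.x
 *       {@code escapeSql} only doubles single quotes, and the later passes re-encode its
 *       output, so the result should not be relied on as a safe SQL literal.</li>
 *   <li>Values are altered before validation and storage, so downstream code sees
 *       entity-encoded and backslash-escaped text rather than what the client sent.</li>
 * </ul>
 */
public class Web114RequestWrapper extends HttpServletRequestWrapper {

    // Parameters returned unmodified by getParameter. Presumably these carry passport
    // response tokens that must not be altered -- TODO confirm with the login flow.
    private static final String LOGIN_RESPONSE_PARAM = "BPassportLoginResponse";
    private static final String CHECK_RESPONSE_PARAM = "BPassportCheckResponse";

    /**
     * Wraps the given request.
     *
     * @param request the request whose parameters are to be filtered
     */
    public Web114RequestWrapper(HttpServletRequest request) {
        super(request);
    }

    /**
     * Returns the named parameter, escaped unless it is one of the pass-through names.
     *
     * @param name the parameter name
     * @return the escaped value, the raw value for a pass-through parameter, or
     *         {@code null} when the parameter is absent
     */
    public String getParameter(String name) {
        String value = super.getParameter(name);
        // Absent parameters and pass-through names are returned exactly as received.
        // The name comparison is written constant-first so a null name cannot throw here.
        if (value == null || isPassthroughParameter(name)) {
            return value;
        }
        return filterUserInput(value);
    }

    /**
     * Returns all values of the named parameter, each one escaped.
     *
     * <p>NOTE(review): the pass-through names honoured by {@link #getParameter(String)}
     * are escaped here. Confirm whether that difference is intended; any parameter exempt
     * from escaping must be validated by its consumer.
     *
     * @param name the parameter name
     * @return a new array holding the escaped values, or {@code null} when the parameter
     *         is absent
     */
    public String[] getParameterValues(String name) {
        String[] raw = super.getParameterValues(name);
        if (raw == null) {
            return null;
        }
        // Escape into a fresh array: writing into the array handed back by the wrapped
        // request could escape the same values again on a later call if the container
        // returns its internal array.
        String[] filtered = new String[raw.length];
        for (int i = 0; i < raw.length; i++) {
            filtered[i] = filterUserInput(raw[i]);
        }
        return filtered;
    }

    /** Reports whether {@code name} is one of the parameters returned without escaping. */
    private static boolean isPassthroughParameter(String name) {
        return LOGIN_RESPONSE_PARAM.equals(name) || CHECK_RESPONSE_PARAM.equals(name);
    }

    /**
     * Applies the SQL, HTML and JavaScript escapers to {@code input}, in that order.
     *
     * @param input the raw parameter value
     * @return the escaped value
     */
    private String filterUserInput(String input) {
        // Order matters: each pass operates on the output of the previous one.
        String escaped = StringEscapeUtils.escapeSql(input);
        escaped = StringEscapeUtils.escapeHtml(escaped);
        return StringEscapeUtils.escapeJavaScript(escaped);
    }
}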