From e5448c0fcb8ecd1cf117c117ed6f6792827acfbc Mon Sep 17 00:00:00 2001 From: fengyuan_yang <1976974459@qq.com> Date: Tue, 24 Mar 2026 15:18:56 +0800 Subject: [PATCH] =?UTF-8?q?2026-03-24=20=E6=8E=A5=E5=8F=A3=E4=BC=98?= =?UTF-8?q?=E5=8C=96=EF=BC=8C=E4=B8=8D=E6=A0=A1=E9=AA=8Cxss?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/xss/XssHttpServletRequestWrapper.java | 10 ++++++---- .../com/gaotao/modules/pms/data/QcFAIRecordData.java | 1 + src/main/resources/mapper/pms/QcMapper.xml | 1 + 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/gaotao/common/xss/XssHttpServletRequestWrapper.java b/src/main/java/com/gaotao/common/xss/XssHttpServletRequestWrapper.java index 7b66cab..6ec20d9 100644 --- a/src/main/java/com/gaotao/common/xss/XssHttpServletRequestWrapper.java +++ b/src/main/java/com/gaotao/common/xss/XssHttpServletRequestWrapper.java @@ -35,18 +35,20 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { @Override public ServletInputStream getInputStream() throws IOException { - //非json类型,直接返回 - if(!MediaType.APPLICATION_JSON_VALUE.equalsIgnoreCase(super.getHeader(HttpHeaders.CONTENT_TYPE))){ + // 对于 application/json 类型的请求,直接返回原始流,不做全局的正则 XSS 过滤 + // 因为直接对整个 JSON 字符串做正则替换会破坏 JSON 结构(误删双引号、大括号等) + String contentType = super.getHeader(HttpHeaders.CONTENT_TYPE); + if (StringUtils.isNotBlank(contentType) && contentType.toLowerCase().contains(MediaType.APPLICATION_JSON_VALUE.toLowerCase())) { return super.getInputStream(); } - //为空,直接返回 + // 为空,直接返回 String json = IOUtils.toString(super.getInputStream(), "utf-8"); if (StringUtils.isBlank(json)) { return super.getInputStream(); } - //xss过滤 + // xss过滤 json = xssEncode(json); final ByteArrayInputStream bis = new ByteArrayInputStream(json.getBytes("utf-8")); return new ServletInputStream() { 
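Review bot: Inverting the Content-Type check takes every `application/json` body out of `xssEncode` entirely, while every other body — including `multipart/form-data` and binary uploads — now goes through `IOUtils.toString(super.getInputStream(), "utf-8")` and `xssEncode`, a path that before this change only JSON took; decoding a multipart body as UTF-8 text and regex-rewriting it can corrupt file uploads, and `xssEncode` (not visible in the hunk) was presumably written against JSON text. If JSON is deliberately exempted, the remaining filter should at least return the raw stream for non-text types, e.g. `if (contentType != null && contentType.toLowerCase().startsWith(MediaType.MULTIPART_FORM_DATA_VALUE)) { return super.getInputStream(); }`, and the new comment should say where the protection now lives (output encoding on the rendering side, or a field-level sanitizer in the JSON deserializer) rather than only why the regex was dropped. The `contains(MediaType.APPLICATION_JSON_VALUE)` substring test also matches types such as `application/json-patch+json` only by accident; `MediaType.parseMediaType(contentType).isCompatibleWith(MediaType.APPLICATION_JSON)` states the intent explicitly. The `getInputStream` method continues past the hunk (the anonymous `ServletInputStream` body).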
diff --git a/src/main/java/com/gaotao/modules/pms/data/QcFAIRecordData.java b/src/main/java/com/gaotao/modules/pms/data/QcFAIRecordData.java index 5165d1d..15da6e6 100644 --- a/src/main/java/com/gaotao/modules/pms/data/QcFAIRecordData.java +++ b/src/main/java/com/gaotao/modules/pms/data/QcFAIRecordData.java @@ -295,4 +295,5 @@ public class QcFAIRecordData extends QueryPage { private String customerNo; private String customerName; private Integer detailImageNum; + private BigDecimal dhjs; } diff --git a/src/main/resources/mapper/pms/QcMapper.xml b/src/main/resources/mapper/pms/QcMapper.xml index e9824a4..e36f3cf 100644 --- a/src/main/resources/mapper/pms/QcMapper.xml +++ b/src/main/resources/mapper/pms/QcMapper.xml @@ -970,6 +970,7 @@ a.po_orderNo, a.po_itemNo, a.roll_count, + a.roll_count as dhjs, dbo.qc_get_order_type(a.site, a.po_orderNo, a.po_itemNo) as orderType, a.action_date, a.action_by,
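Review bot: The new field `dhjs` is an opaque abbreviation for what the mapper hunk shows is `roll_count` selected a second time, so a reader of `QcFAIRecordData` has no way to tell what it holds without opening the SQL; a one-line Javadoc such as `/** Same value as roll_count, exposed under the report column name dhjs — TODO confirm meaning. */` or a descriptive field name would fix that. `BigDecimal` also needs `java.math.BigDecimal` in scope, and the class's import block is outside this hunk, so that cannot be confirmed here.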
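Review bot: `a.roll_count as dhjs` re-selects the column listed on the previous line, so the result set carries the same value under two names; if `dhjs` is meant to be a different quantity the alias hides that, and if the duplicate is intentional a short comment next to it, `<!-- dhjs mirrors roll_count; mapped to QcFAIRecordData.dhjs -->`, would record the intent. The enclosing select statement starts and ends outside the hunk.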