2026-03-24

接口优化，不校验xss

src/main/java/com/gaotao/common/xss/XssHttpServletRequestWrapper.java

@@ -35,18 +35,20 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
 
     @Override
     public ServletInputStream getInputStream() throws IOException {
-        //非json类型，直接返回
-        if(!MediaType.APPLICATION_JSON_VALUE.equalsIgnoreCase(super.getHeader(HttpHeaders.CONTENT_TYPE))){
+        // 对于 application/json 类型的请求，直接返回原始流，不做全局的正则 XSS 过滤
+        // 因为直接对整个 JSON 字符串做正则替换会破坏 JSON 结构（误删双引号、大括号等）
+        String contentType = super.getHeader(HttpHeaders.CONTENT_TYPE);
+        if (StringUtils.isNotBlank(contentType) && contentType.toLowerCase().contains(MediaType.APPLICATION_JSON_VALUE.toLowerCase())) {
             return super.getInputStream();
         }
 
-        //为空，直接返回
+        // 为空，直接返回
         String json = IOUtils.toString(super.getInputStream(), "utf-8");
         if (StringUtils.isBlank(json)) {
             return super.getInputStream();
         }
 
-        //xss过滤
+        // xss过滤
         json = xssEncode(json);
         final ByteArrayInputStream bis = new ByteArrayInputStream(json.getBytes("utf-8"));
         return new ServletInputStream() {

src/main/java/com/gaotao/modules/pms/data/QcFAIRecordData.java

@@ -295,4 +295,5 @@ public class QcFAIRecordData extends QueryPage {
     private String customerNo;
     private String customerName;
     private Integer detailImageNum;
+    private BigDecimal dhjs;
 }

src/main/resources/mapper/pms/QcMapper.xml

@@ -970,6 +970,7 @@
         a.po_orderNo,
         a.po_itemNo,
         a.roll_count,
+        a.roll_count as dhjs,
         dbo.qc_get_order_type(a.site, a.po_orderNo, a.po_itemNo) as orderType,
         a.action_date,
         a.action_by,