{"id":85,"date":"2007-04-06T12:00:00","date_gmt":"2007-04-06T12:00:00","guid":{"rendered":""},"modified":"2007-04-06T12:00:00","modified_gmt":"2007-04-06T12:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/www.inbreak.net\/archives\/85.html","title":{"rendered":"struts-config.xml\u7684\u914d\u7f6e\u4ee5\u53ca\u8fc7\u6ee4\u7528\u6237\u6240\u6709\u8f93\u5165"},"content":{"rendered":"

struts-config.xml\u7684\u914d\u7f6e\u7b14\u8bb0
\n \/\u6587 \u7a7a\u865a\u6d6a\u5b50\u5fc3<\/p>\n

code:<\/font><\/p>\n



\n<?xml version="1.0" encoding="UTF-8"?>
\n<!DOCTYPE struts-config PUBLIC "-\/\/Apache Software Foundation\/\/DTD Struts Configuration 1.1\/\/EN" "http:\/\/jakarta.apache.org\/struts\/dtds\/struts-config_1_1.dtd"><\/p>\n

<struts-config><\/p>\n

<data-sources >
\n\/\/\u6570\u636e\u6e90,\u597d\u5904\u662f\u5c01\u88c5\u6570\u636e\u5e93\u8fde\u63a5.
\n <data-source key="ds">\/\/\u6570\u636e\u6e90\u540d\u79f0,\u7528\u4e8e.getServletContext().getAttribute("ds");\u83b7\u53d6\u540e\u8bbe\u7f6e\u8fde\u63a5.
\n <set-property property="password" value="" \/>
\n <set-property property="minCount" value="2" \/>
\n <set-property property="maxCount" value="4" \/>
\n <set-property property="user" value="sa" \/>
\n <set-property property="driverClass" value="com.microsoft.jdbc.sqlserver.SQLServerDriver" \/><\/p>\n

<set-property property="description" value="hahahahahahhahahahah" \/>
\n <set-property property="url" value="jdbc:microsoft:sqlserver:\/\/localhost:1433;databaseName=pubs" \/>
\n <set-property property="readOnly" value="false" \/>
\n <set-property property="autoCommit" value="true" \/>
\n <set-property property="loginTimeout" value="10" \/>
\n <\/data-source><\/p>\n

<\/data-sources><\/p>\n

<form-beans >
\n \/\/ActionForm(\u63a5\u53d7\u7528\u6237\u8bf7\u6c42\u6570\u636e\u7136\u540e\u5c01\u88c5\u6210BEAN)\u58f0\u660e\u90e8\u5206
\n \/\/\u6bcf\u4e00\u4e2aActionForm\u90fd\u5e94\u8be5\u5728\u6b64\u58f0\u660e <form-bean \u2026\u2026\u2026\u2026\u2026\u2026\u2026\u2026\u2026\u2026\u2026\u2026\u2026\u2026\u2026\u2026\u2026\u2026\u2026\u2026 \/>
\n <form-bean name="checkForm" type="com.xaccp.form.CheckForm" \/><\/p>\n

<\/form-beans><\/p>\n

<global-exceptions \/>
\n <global-forwards >
\n \/\/\u5168\u5c40\u7684\u201d\u7ebf\u201c\uff0c\u7528\u4e8e\u591a\u4e2aaction\u90fd\u53ef\u4ee5\u8c03\u7528
\n <forward name="error" path="\/error.jsp"><\/forward>
\n <\/global-forwards><\/p>\n

\/\/action\u7684\u6620\u5c04\u914d\u7f6e\u3002
\n <action-mappings ><\/p>\n

<action path="\/check" type="com.xaccp.action.CheckAction" attribute="checkForm" name="checkForm" scope="request">
\n \/\/name,attribute,scope\u4e09\u4e2a\u5c5e\u6027\u662f\u5728\u5df2\u7ecf\u914d\u7f6e\u4e86\u4e00\u4e2aActionForm\u4ee5\u540e\u4f7f\u7528
\n \/\/\u9ed8\u8ba4\u53ea\u6709 path,type;
\n \/\/path:\u8def\u5f84
\n \/\/type:\u7c7b\u540d
\n \/\/name:ActionForm\u5bf9\u5e94\u7684\u540d\u5b57\u3002
\n \/\/attribute:\u653e\u5165session\/\uff08request\uff09\u91cc\u7684\u540d\u79f0\u3002
\n \/\/scope:request\u6216session\uff0c\u63a8\u8350\u4f7f\u7528request\u3002<\/p>\n

\/\/forward\u662f\u201c\u7ebf\u201d\uff0c\u5c31\u662f\u4e00\u4e2a\u7c7b\u4f3c\u4e8e\u201c\u5c04\u7ebf\u201d\u7684\u4e1c\u897f\u3002\u8c03\u7528\u4e86mapping.findForward("ok");\u5c31\u4f1a\u8f6c\u5411ok.jsp\u9875\u9762\u3002
\n \/\/\u8fd9\u4e2a\u7ebf\u5728\u4e00\u4e2aaction\u8303\u56f4\u5185.
\n <forward name="ok" path="\/ok.jsp"><\/forward><\/p>\n

<forward name="fail" path="\/index1.jsp"><\/forward>
\n <\/action>
\n <action path="\/index" type="com.xaccp.action.IndexAction">
\n \/\/\u6ca1\u6709actionform\u5bf9\u5e94\u7684\u3002
\n <forward name="index" path="\/index1.jsp"><\/forward>
\n <\/action><\/p>\n

<\/action-mappings><\/p>\n

<controller processorClass="com.xaccp.util.Checkreqeust">
\n \/\/RequestProcessor[align=center] [\/align],\u76f8\u5f53\u4e8e\u8fc7\u6ee4\u5668,\u53ea\u80fd\u8fc7\u6ee4\u7528\u6237\u8bf7\u6c42.\u4e0d\u80fd\u8fc7\u6ee4response.
\n \/\/\u591a\u6570\u7528\u4e8e\u8bbe\u7f6eEncode.
\n \/\/\u53ef\u4ee5\u7528\u4e8e\u8fc7\u6ee4SQL\u6ce8\u5165;\u53c2\u89c1Checkreqeust.java.\u65b9\u6cd5processPreprocess\u5fc5\u987b\u8fd4\u56detrue,\u5426\u5219\u4f1a\u8fd4\u56de\u4e00\u4e2a\u7a7a\u767d\u9875\u9762.<\/p>\n

<\/controller> <\/p>\n

<message-resources parameter="com.xaccp.ApplicationResources" \/><\/p>\n

<plug-in className="com.xaccp.util.Init">
\n \/\/\u63d2\u4ef6\u7684\u4f5c\u7528\uff1a\u8fdb\u884c\u521d\u59cb\u5316\u5de5\u4f5c.\u5728\u8fd9\u91cc\u7528\u4e8egetConnection()
\n <\/plug-in>
\n<\/struts-config><\/p>\n

<\/i><\/p>\n


<\/blockquote>\n

——————————-Checkreqeust.java—————————————–<\/p>\n

code:<\/font><\/p>\n



\n\/\/\u4f5c\u8005:\u7a7a\u865a\u6d6a\u5b50\u5fc3
\n\/\/\u5fc5\u987b\u5728XML\u91cc\u8bbe\u7f6e\u4e86controller \u624d\u53ef\u4ee5\u7528.
\n\/\/<controller processorClass="com.xaccp.util.Checkreqeust"><\/controller>
\n\/\/\u9632\u6b62SQL\u6ce8\u5165\u5fc5\u987b\u4f7f\u7528\u9884\u5904\u7406\u6267\u884cSQL\u8bed\u53e5,\u8fd9\u91cc\u53ea\u80fd\u5224\u65ad\u540e\u8bb0\u5f55.
\npackage com.xaccp.util;<\/p>\n

import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Locale;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.struts.action.RequestProcessor;

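public class Checkreqeust extends RequestProcessor {

    /**
     * Runs before every Struts action (installed through the controller's
     * processorClass in struts-config.xml): forces UTF-8 decoding of the
     * request, then scans every submitted parameter value for SQL-looking
     * fragments and records a hit in the session.
     *
     * Detection only: this method always returns true, so the request is
     * never blocked here. The blacklist is a tripwire for logging, not a
     * substitute for parameterised SQL (PreparedStatement) in the data layer.
     *
     * @param request  the current request
     * @param response the current response (not used)
     * @return true always, so Struts keeps processing the request
     */
    @Override
    protected boolean processPreprocess(HttpServletRequest request, HttpServletResponse response) {
        try {
            // Must happen before the first parameter read; afterwards it is a no-op.
            request.setCharacterEncoding("UTF-8");
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }

        Enumeration<?> names = request.getParameterNames();
        if (names == null) {
            return true;
        }

        HttpSession session = request.getSession();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            // getParameterValues() covers repeated parameters (?a=x&a=y);
            // the original only looked at the first value via getParameter().
            String[] values = request.getParameterValues(name);
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (!checkSqlIn(value)) {
                    // getRemoteAddr() is the caller (or the nearest proxy, if one is in front);
                    // the original used getLocalAddr(), which is this server's own address,
                    // so every recorded "ip" would have pointed at the server.
                    session.setAttribute("errr", "sql\u6ce8\u5165\uff01ip" + request.getRemoteAddr() + "\u8bb0\u5f55\u5728\u6848\uff01");
                }
            }
        }

        return true;
    }

    /**
     * Blacklist check for SQL-looking fragments in one parameter value.
     * Case-insensitive. The list is deliberately short, misses many inputs
     * and also flags harmless ones (e.g. "selection"), so a true result is
     * not proof that the value is safe to put into a SQL string.
     *
     * @param strName one submitted parameter value; null counts as clean
     * @return false if a blacklisted token occurs in the value, true otherwise
     */
    private boolean checkSqlIn(String strName) {
        if (strName == null) {
            return true;
        }
        // The published listing shows "–" and "’" here; those are the blog's
        // typography filter rewriting "--" and "'" in the source, so the ASCII
        // forms are restored (the typographic variants never match real input).
        String[] blacklist = { "select", "insert", "execute", ";", "--", "'", "\"", "delete" };
        // Locale.ROOT keeps the lower-casing stable regardless of the JVM's default locale.
        String lower = strName.toLowerCase(Locale.ROOT);
        for (String token : blacklist) {
            if (lower.indexOf(token) > -1) {
                return false;
            }
        }
        return true;
    }
}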
\n<\/i><\/p>\n


<\/blockquote>\n

\u8fd9\u79cd\u65b9\u5f0f\u53ef\u4ee5\u6709\u6548\u7684\u9632\u6b62\u7ad9\u70b9\u4e0b\u6240\u6709\u7684\u63d0\u4ea4\u6570\u636e\u4e2d\u7684\u5185\u5bb9(\u9664\u975e\u4f60\u7528jsp\u5904\u7406\u4e1a\u52a1),
\n\u4e3b\u8981\u7528\u4e8e\u9632\u6b62\u6ce8\u5165,\u810f\u8bdd\u8fc7\u6ee4\u7b49.<\/p>\n","protected":false},"excerpt":{"rendered":"

struts-config.xml\u7684\u914d\u7f6e\u7b14\u8bb0 \/\u6587 \u7a7a\u865a\u6d6a\u5b50\u5fc3 code: &l …<\/p>\n

\u7ee7\u7eed\u9605\u8bfb »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"views":5182,"_links":{"self":[{"href":"https:\/\/www.inbreak.net\/wp-json\/wp\/v2\/posts\/85"}],"collection":[{"href":"https:\/\/www.inbreak.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inbreak.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inbreak.net\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inbreak.net\/wp-json\/wp\/v2\/comments?post=85"}],"version-history":[{"count":0,"href":"https:\/\/www.inbreak.net\/wp-json\/wp\/v2\/posts\/85\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.inbreak.net\/wp-json\/wp\/v2\/media?parent=85"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inbreak.net\/wp-json\/wp\/v2\/categories?post=85"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inbreak.net\/wp-json\/wp\/v2\/tags?post=85"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}