Pre Merge pull request !272 from runphp/N/A

!397 修复actuator暴漏问题
Merge pull request !397 from 威士忌的纯度/N/A
2026-02-01 14:31:56 +08:00 · 2025-03-10 03:45:44 +00:00 · 2025-03-10 03:45:34 +00:00 · 2025-03-07 10:22:52 +00:00 · 2022-10-25 03:53:01 +00:00
2 changed files with 3 additions and 2 deletions
--- a/docker/nginx/conf/nginx.conf
+++ b/docker/nginx/conf/nginx.conf
@@ -29,7 +29,7 @@ http {
        }

        # 避免actuator暴露
-        if ($request_uri ~ "/actuator") {
+        if ($uri ~ "/actuator") {
            return 403;
        }

--- a/ruoyi-auth/src/main/java/com/ruoyi/auth/controller/TokenController.java
+++ b/ruoyi-auth/src/main/java/com/ruoyi/auth/controller/TokenController.java
@@ -1,6 +1,7 @@
 package com.ruoyi.auth.controller;

 import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -35,7 +36,7 @@ public class TokenController
    public R<?> login(@RequestBody LoginBody form)
    {
        // 用户登录
-        LoginUser userInfo = sysLoginService.login(form.getUsername(), form.getPassword());
+        LoginUser userInfo = sysLoginService.login(form.getUsername(), StringEscapeUtils.unescapeHtml(form.getPassword()));
        // 获取登录token
        return R.ok(tokenService.createToken(userInfo));
    }
Author	SHA1	Message	Date
runphp	f0cd9ff5c7	Pre Merge pull request !272 from runphp/N/A	2025-03-10 03:45:44 +00:00
若依	a6bcebb62b	!397 修复actuator暴漏问题 Merge pull request !397 from 威士忌的纯度/N/A	2025-03-10 03:45:34 +00:00
威士忌的纯度	1cb262daa3	修复actuator暴漏问题 Signed-off-by: 威士忌的纯度 <whr888888@vip.qq.com>	2025-03-07 10:22:52 +00:00
runphp	4e37e6ee12	fix: 密码修改为包含大于号等特殊字符登录失败 Signed-off-by: runphp <runphp@qq.com>	2022-10-25 03:53:01 +00:00