出路径遍历,高危修复

WebContent/WEB-INF/views/modules/airline/SailingFileForm.jsp

@@ -24,6 +24,12 @@
       $("#file").click();
     }
         $(document).ready(function() {
+            var fileInput = $('#file')[0];
+            var fileExtension = file.name.split('.').pop().toLowerCase();
+            if (fileExtension !== 'xls' && fileExtension !== 'xlsx') {
+                alert("请选择Excel格式的文件");
+                return;
+            }
             $('#file').on('change', function(){
                 
              $('#form').ajaxForm(options).submit();
@@ -77,7 +83,7 @@
        <a href="${ctx}/airline/verify/list"><input id="btnCancel" class="btn" type="button" value="返回" /></a>    </div>
 </form:form>
 <form style="display:none" id="form" action="dynamicFields.action?method=uploadFile" method="post" enctype="multipart/form-data">
-<input type="file" name="file" id="file" value="" /><br/>
+<input type="file" name="file" id="file" value=""  accept=".xls,.xlsx"/><br/>
 <input type="submit" value="确认提交">
 </form>
 

WebContent/WEB-INF/views/modules/airline/contactsForm.jsp

@@ -20,7 +20,9 @@
                 html += "<option value='" + data[i].id + "'>" + data[i].departName + "</option>"
                }
                }
-            $("#depart").append(html);
+			var domParser = new DOMParser();
+			var doc = domParser.parseFromString(html, 'text/html');
+            $("#depart").innerHTML(doc);
         }
         $("#depart").select2().val("${userProfileEntity.departId}").trigger("change");
         });

WebContent/WEB-INF/views/modules/airline/verifyList.jsp

@@ -34,12 +34,20 @@
         }
         $(document).ready(function(){
         	top.$.jBox.tip.mess=0;
+
                 $('#file').on('change', function(){
 
                     $('#form').ajaxForm(options).submit();
                     
                 });
                 $("#btnImport").click(function(){
+                    var fileInput = $('#form')[0];
+                    var fileExtension = file.name.split('.').pop().toLowerCase();
+                    if (fileExtension !== 'xls' && fileExtension !== 'xlsx') {
+                        $.jBox($("#importBox").html(), {title:"导入数据", buttons:{"关闭":true},
+                            bottomText:"导入文件不能超过5M，仅允许导入“xls”或“xlsx”格式文件！"});
+                        return;
+                    }
                     $.jBox($("#importBox").html(), {title:"导入数据", buttons:{"关闭":true},
                         bottomText:"导入文件不能超过5M，仅允许导入“xls”或“xlsx”格式文件！"});
                 });
@@ -50,7 +58,7 @@
 <div id="importBox" class="hide">
     <form id="importForm" action="${ctx}/airline/verify/import" method="post" enctype="multipart/form-data"
           class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入，请稍等...');"><br/>
-        <input id="uploadFile" name="file" type="file" style="width:330px"/><br/><br/>
+        <input id="uploadFile" name="file" type="file" style="width:330px"  accept=".xls,.xlsx"/><br/><br/>
         <input id="btnImportSubmit" class="btn btn-primary" type="submit" value="   导    入   "/>
         <a href="${ctx}/airline/verify/import/template">下载模板</a>
     </form>
@@ -149,7 +157,7 @@
 </table>
 <div class="pagination">${page}</div>
 <form style="display:none" id="form" action="dynamicFields.action?method=uploadFile" method="post" enctype="multipart/form-data">
-<input type="file" name="file" id="file" value="" /><br/>
+<input type="file" name="file" id="file" value="" accept=".xls,.xlsx"/><br/>
 <input type="submit" value="确认提交">
 </form>
 

WebContent/WEB-INF/views/modules/airline/verifyUpdateUserList.jsp

@@ -2,7 +2,7 @@
 <%@ include file="/WEB-INF/views/include/taglib.jsp" %>
 <html>
 <head>
-<script src="${ctxStatic}/jquery-form/jquery-form.js" type="text/javascript"></script>
+    <script src="${ctxStatic}/jquery-form/jquery-form.js" type="text/javascript"></script>
     <title>论证部门管理</title>
     <meta name="decorator" content="default"/>
     <script verify="text/javascript">
@@ -13,35 +13,58 @@
             $("#searchForm").submit();
             return false;
         }
+
         var options = {
             type: "POST",
-                url:urls,
+            url: urls,
             dataType: 'json'
         };
-        var url="${ctx}/airline/sailingfile/upload";
-        var urls=url;
-        function upload(id){
-          urls=url+"?id="+id;
+        var url = "${ctx}/airline/sailingfile/upload";
+        var urls = url;
+
+        function upload(id) {
+            urls = url + "?id=" + id;
             options = {
                 type: "POST",
-                  url:urls,
+                url: urls,
                 dataType: 'json',
-                  success:function(data){
-                	  window.location.href='${ctx}/airline/verifyUpdateUser/list?message=成功';
+                success: function (data) {
+                    window.location.href = '${ctx}/airline/verifyUpdateUser/list?message=成功';
                 }
             };
             $("#file").click();
         }
-        $(document).ready(function(){
-        	top.$.jBox.tip.mess=0;
-                $('#file').on('change', function(){
+
+        $(document).ready(function () {
+            top.$.jBox.tip.mess = 0;
+            var fileInput = $('#file')[0];
+            var fileExtension = fileInput.name.split('.').pop().toLowerCase();
+            if (fileExtension !== 'xls' && fileExtension !== 'xlsx') {
+                $.jBox($("#importBox").html(), {
+                    title: "导入数据", buttons: {"关闭": true},
+                    bottomText: "仅允许导入“xls”或“xlsx”格式文件！"
+                });
+                return;
+            }
+            $('#file').on('change', function () {
 
                 $('#form').ajaxForm(options).submit();
 
             });
-                $("#btnImport").click(function(){
-                    $.jBox($("#importBox").html(), {title:"导入数据", buttons:{"关闭":true},
-                        bottomText:"导入文件不能超过5M，仅允许导入“xls”或“xlsx”格式文件！"});
+            $("#btnImport").click(function () {
+                var file = $('#uploadFile')[0];
+                var fileExtension = file.name.split('.').pop().toLowerCase();
+                if (fileExtension !== 'xls' && fileExtension !== 'xlsx') {
+                    $.jBox($("#importBox").html(), {
+                        title: "导入数据", buttons: {"关闭": true},
+                        bottomText: "仅允许导入“xls”或“xlsx”格式文件！"
+                    });
+                    return;
+                }
+                $.jBox($("#importBox").html(), {
+                    title: "导入数据", buttons: {"关闭": true},
+                    bottomText: "导入文件不能超过5M，仅允许导入“xls”或“xlsx”格式文件！"
+                });
             });
         });
     </script>
@@ -49,8 +72,9 @@
 <body>
 <div id="importBox" class="hide">
     <form id="importForm" action="${ctx}/airline/verify/import" method="post" enctype="multipart/form-data"
-          class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入，请稍等...');"><br/>
-        <input id="uploadFile" name="file" type="file" style="width:330px"/><br/><br/>
+          class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入，请稍等...');">
+        <br/>
+        <input id="uploadFile" name="file" type="file" style="width:330px" accept=".xls,.xlsx"/><br/><br/>
         <input id="btnImportSubmit" class="btn btn-primary" type="submit" value="   导    入   "/>
         <a href="${ctx}/airline/verify/import/template">下载模板</a>
     </form>
@@ -59,7 +83,8 @@
     <li class="active"><a href="${ctx}/airline/verify/list">航线管理列表</a></li>
     <li><a href="${ctx}/airline/verifyUpdateUser">论证单号修改展示列表</a></li>
 </ul>
-<form:form id="searchForm" modelAttribute="verifyUpdateUserEntity" action="${ctx}/airline/verifyUpdateUser/list" method="post"
+<form:form id="searchForm" modelAttribute="verifyUpdateUserEntity" action="${ctx}/airline/verifyUpdateUser/list"
+           method="post"
            class="breadcrumb form-search ">
     <input id="pageNo" name="pageNo" type="hidden" value="${page.pageNo}"/>
     <input id="pageSize" name="pageSize" type="hidden" value="${page.pageSize}"/>
@@ -72,9 +97,9 @@
             <form:input path="operateUser" htmlEscape="false" maxlength="100" class="input-small"/>
         </li>
         <li><label>论证类型：</label> <form:select path="verifType" class="input-small">
-                    <form:option value="" label="请选择" />
+            <form:option value="" label="请选择"/>
             <form:options items="${fns:getDictList('vrf_verify_type')}"
-                        itemLabel="label" itemValue="value" htmlEscape="false" />
+                          itemLabel="label" itemValue="value" htmlEscape="false"/>
         </form:select>
         </li>
         <li class="btns">&nbsp;&nbsp;
@@ -89,7 +114,15 @@
 <table id="contentTable" class="table table-striped table-bordered table-condensed">
     <thead>
     <tr>
-        <th>编号</th><th>论证单号</th><th>论证类型</th><th>机型</th><th>航线</th><th>修改人</th><th>修改时间</th><th>修改原因</th><th>原始单号</th>
+        <th>编号</th>
+        <th>论证单号</th>
+        <th>论证类型</th>
+        <th>机型</th>
+        <th>航线</th>
+        <th>修改人</th>
+        <th>修改时间</th>
+        <th>修改原因</th>
+        <th>原始单号</th>
         <%--  <shiro:hasPermission name="vrf:verify:edit">
               <th>操作</th>
           </shiro:hasPermission></tr>--%>
@@ -117,9 +150,10 @@
     </tbody>
 </table>
 <div class="pagination">${page}</div>
-<form style="display:none" id="form" action="dynamicFields.action?method=uploadFile" method="post" enctype="multipart/form-data">
-<input type="file" name="file" id="file" value="" /><br/>
-<input type="submit" value="确认提交">
+<form style="display:none" id="form" action="dynamicFields.action?method=uploadFile" method="post"
+      enctype="multipart/form-data">
+    <input type="file" name="file" id="file" value="" accept=".xls,.xlsx"/><br/>
+    <input type="submit" value="确认提交">
 </form>
 
 

WebContent/WEB-INF/views/modules/contact/airportBaseList.jsp

@@ -16,6 +16,13 @@
             top.$('.jbox-body .jbox-icon').css('top','55px');
          });
         $("#btnImport").click(function(){
+            var fileInput = $('#uploadFile')[0];
+            var fileExtension = fileInput.name.split('.').pop().toLowerCase();
+            if (fileExtension !== 'xls' && fileExtension !== 'xlsx') {
+                $.jBox($("#importBox").html(), {title:"导入数据", buttons:{"关闭":true},
+                    bottomText:"仅允许导入“xls”或“xlsx”格式文件！"});
+                return;
+            }
             $.jBox($("#importBox").html(), {title:"导入数据", buttons:{"关闭":true}, 
                 bottomText:"导入文件不能超过5M，仅允许导入“xls”或“xlsx”格式文件！"});
         });
@@ -93,13 +100,14 @@
  <div id="importBox" class="hide">
         <form id="importForm" action="${ctx}/contact/airportBase/import" method="post" enctype="multipart/form-data"
             class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入，请稍等...');"><br/>
-            <input id="uploadFile" name="file" type="file" style="width:330px"/><br/><br/>　　
+            <input id="uploadFile" name="file" type="file" style="width:330px" accept=".xls,.xlsx"/><br/><br/>　　
             <input id="btnImportSubmit" class="btn btn-primary" type="submit" value="   导    入   "/>
             <a href="${ctx}/contact/airportBase/template">下载模板</a>
         </form>
     </div>
 <ul class="nav nav-tabs">
-    <li class="active"><a href="${ctx}/contact/airportBase/list?pageNo=<%=request.getParameter("pageNo")%>&pageSize=<%=request.getParameter("pageSize")%>">基地列表</a></li>
+<%--    <li class="active"><a href="${ctx}/contact/airportBase/list?pageNo=<%=request.getParameter("pageNo")%>&pageSize=<%=request.getParameter("pageSize")%>">基地列表</a></li>--%>
+    <li class="active"><a href="${ctx}/contact/airportBase/list?pageNo=${fn:escapeXml(pageNo)}&pageSize=${fn:escapeXml(pageSize)}基地列表</a></li>
      <li><a href="${ctx}/contact/airportBase/form?id=${baseEntity.id}">
           基地<shiro:hasPermission name="contact:airportBase:edit">${not empty baseEntity.id?'修改':'添加'}</shiro:hasPermission></a></li>
 </ul>

WebContent/WEB-INF/views/modules/contact/airportList.jsp

@@ -31,6 +31,13 @@
         }
 
         function importDialog() {
+            var fileInput = $('#uploadFile')[0];
+            var fileExtension = file.name.split('.').pop().toLowerCase();
+            if (fileExtension !== 'xls' && fileExtension !== 'xlsx') {
+                $.jBox($("#importBox").html(), {title:"导入数据", buttons:{"关闭":true},
+                    bottomText:"导入文件不能超过5M，仅允许导入“xls”或“xlsx”格式文件！"});
+                return;
+            }
             /*$("#importFile").val("");
             $("#importFile").trigger("click");*/
             $.jBox($("#importBox").html(), {title:"导入数据", buttons:{"关闭":true},
@@ -74,7 +81,7 @@
 <div id="importBox" class="hide">
     <form id="importForm" action="${ctx}/contact/airport/batchImport" method="post" enctype="multipart/form-data"
           class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入，请稍等...');"><br/>
-        <input id="uploadFile" name="file" type="file" style="width:330px"/><br/><br/>
+        <input id="uploadFile" name="file" type="file" style="width:330px" accept=".xls,.xlsx'/><br/><br/>
         <input id="btnImportSubmit" class="btn btn-primary" type="submit" value="   导    入   "/>
         <a href="${ctx}/contact/airport/batchImport/template">下载模板</a>
     </form>

WebContent/WEB-INF/views/modules/contact/contactsList.jsp

@@ -21,6 +21,13 @@
         function importDialog() {
             /*$("#importFile").val("");
              $("#importFile").trigger("click");*/
+            var fileInput = $('#uploadFile')[0];
+            var fileExtension = fileInput.name.split('.').pop().toLowerCase();
+            if (fileExtension !== 'xls' && fileExtension !== 'xlsx') {
+                $.jBox($("#importBox").html(), {title:"导入数据", buttons:{"关闭":true},
+                    bottomText:"仅允许导入“xls”或“xlsx”格式文件！"});
+                return;
+            }
             $.jBox($("#importBox").html(), {title:"导入数据", buttons:{"关闭":true},
                 bottomText:"导入文件不能超过5M，仅允许导入“xls”或“xlsx”格式文件！"});
         }
@@ -118,7 +125,7 @@
     <div id="importBox" class="hide">
         <form id="importForm" action="${ctx}/contact/contacts/batchImport" method="post" enctype="multipart/form-data"
               class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入，请稍等...');"><br/>
-            <input id="uploadFile" name="file" type="file" style="width:330px"/><br/><br/>
+            <input id="uploadFile" name="file" type="file" style="width:330px" accept=".xls,.xlsx"/><br/><br/>
             <input id="btnImportSubmit" class="btn btn-primary" type="submit" value="   导    入   "/>
             <a href="${ctx}/contact/contacts/batchImport/template">下载模板</a>
         </form>

WebContent/WEB-INF/views/modules/contact/seatForm.jsp

@@ -59,6 +59,12 @@
         			 alert('超出允许上传的文件大小');
         			 return;
         		 }
+                 var fileInput = $('#file')[0];
+                 var fileExtension = fileInput.name.split('.').pop().toLowerCase();
+                 if (fileExtension !== 'xls' && fileExtension !== 'xlsx') {
+                    alert('非Excel格式不允许上传');
+                     return;
+                 }
                  $('#form').ajaxForm(options).submit();
                  
              });
@@ -276,7 +282,7 @@
     </div>
 </form:form>
 <form id="form"  style="display:none"  action="${ctx}/file/upload" method="post" enctype="multipart/form-data">
-<input type="file" name="file" id="file" value="" /><br/>
+<input type="file" name="file" id="file" value="" accept=".xls,.xlsx"/><br/>
 <input type="submit" value="确认提交">
 </form>
 </body>

WebContent/WEB-INF/views/modules/contact/seatTypeForm.jsp

@@ -15,7 +15,9 @@
                     for (var i = 0; i < data.length; i ++) {
                         html += "<option value='" + data[i].id + "'>" + data[i].name + "</option>"
                     }
-                    $("#stationId").append(html);
+                    var domParser = new DOMParser();
+                    var doc = domParser.parseFromString(html, 'text/html');
+                    $("#stationId").innerHTML(doc);
                 }
                 $("#stationId").select2().val('${seatTypeEntity.stationId}').trigger("change");
             });

WebContent/WEB-INF/views/modules/contact/stationForm.jsp

@@ -45,6 +45,12 @@
    			 alert('超出允许上传的文件大小');
    			 return;
    		 }
+             var fileInput = $('#form')[0];
+             var fileExtension = file.name.split('.').pop().toLowerCase();
+             if (fileExtension !== 'xls' && fileExtension !== 'xlsx') {
+              alert('文件格式错误，请上传xls或xlsx格式的文件');
+                 return;
+             }
              $('#form').ajaxForm(options).submit();
              
          });
@@ -81,7 +87,9 @@
                     for (var i = 0; i < data.length; i ++) {
                         html += "<option value='" + data[i].airportIata + "'>" + data[i].airportIata+"----"+ data[i].cityName + "</option>"
                     }
-                    $("#airportIata").append(html);
+                    var domParser = new DOMParser();
+                    var doc = domParser.parseFromString(html, 'text/html');
+                    $("#airportIata").innerHTML(doc);
                 }
                 $("#airportIata").select2().val('${stationEntity.airportIata}').trigger("change");
             });
@@ -147,7 +155,7 @@
     </div>
 </form:form>
 <form id="form"  style="display:none"  action="${ctx}/file/upload" method="post" enctype="multipart/form-data">
-<input type="file" name="file" id="file" value="" /><br/>
+<input type="file" name="file" id="file" value="" accept=".xls,.xlsx"/><br/>
 <input type="submit" value="确认提交">
 </form>
 </body>

WebContent/WEB-INF/views/modules/finnr/delayCategoryList.jsp

@@ -31,7 +31,9 @@
                         	html += "<option value='" + data[i].id + "'>" + data[i].name + "</option>"
                     	}
                     }
-                    $("#parent").append(html);
+                    var domParser = new DOMParser();
+                    var doc = domParser.parseFromString(html, 'text/html');
+                    $("#parent").innerHTML(doc);
                     $("#parent").val("${reParentId}").trigger("change");
                 }
             });
@@ -50,7 +52,9 @@
                             html += "<option value='" + data[i].id + "'>" + data[i].name + "</option>"
                         } 
                     }
-                    $("#id").append(html);
+                    var domParser = new DOMParser();
+                    var doc = domParser.parseFromString(html, 'text/html');
+                    $("#id").innerHTML(doc);
                     $("#id").val("${reId}").trigger("change");
                 }
             });

WebContent/WEB-INF/views/modules/finnr/delayRecordForm.jsp

@@ -32,7 +32,9 @@
                             html += "<option value='" + data[i].id + "'>" + data[i].name + " ---- " + data[i].pName +"</option>"
                         }
                     }
-                    $("#categoryId").append(html);
+                    var domParser = new DOMParser();
+                    var doc = domParser.parseFromString(html, 'text/html');
+                    $("#categoryId").innerHTML(doc);
                 }
                 $("#categoryId").select2().val('${delayRecordEntity.categoryId}').trigger("change");
             });

WebContent/WEB-INF/views/modules/sys/menuTree.jsp

@@ -27,10 +27,10 @@
     </script>
 </head>
 <body> --%>
-    <div class="accordion" id="menu-${param.parentId}"><c:set var="menuList" value="${fns:getMenuList()}"/><c:set var="firstMenu" value="true"/><c:forEach items="${menuList}" var="menu" varStatus="idxStatus"><c:if test="${menu.parent.id eq (not empty param.parentId ? param.parentId:1)&&menu.isShow eq '1'}">
+    <div class="accordion" id="menu-${fn:escapeXml(param.parentId)}"><c:set var="menuList" value="${fns:getMenuList()}"/><c:set var="firstMenu" value="true"/><c:forEach items="${menuList}" var="menu" varStatus="idxStatus"><c:if test="${menu.parent.id eq (not empty param.parentId ? param.parentId:1)&&menu.isShow eq '1'}">
         <div class="accordion-group">
             <div class="accordion-heading">
-                <a class="accordion-toggle" data-toggle="collapse" data-parent="#menu-${param.parentId}" data-href="#collapse-${menu.id}" href="#collapse-${menu.id}" title="${menu.remarks}"><i class="icon-chevron-${not empty firstMenu && firstMenu ? 'down' : 'right'}"></i>&nbsp;${menu.name}</a>
+                <a class="accordion-toggle" data-toggle="collapse" data-parent="#menu-${fn:escapeXml(param.parentId)}" data-href="#collapse-${menu.id}" href="#collapse-${menu.id}" title="${menu.remarks}"><i class="icon-chevron-${not empty firstMenu && firstMenu ? 'down' : 'right'}"></i>&nbsp;${menu.name}</a>
             </div>
             <div id="collapse-${menu.id}" class="accordion-body collapse ${not empty firstMenu && firstMenu ? 'in' : ''}">
                 <div class="accordion-inner">

WebContent/WEB-INF/views/modules/sys/menuTreeselect.jsp

@@ -14,7 +14,8 @@
     for(var i=0; i<menuTreeselectNodes.length; i++) {
         menuTreeselect.expandNode(menuTreeselectNodes[i], true, false, false);
     }//</c:if>
-    var menuTreeselectNode = menuTreeselect.getNodeByParam("id", '${parentId != '' ? parentId : cookie.menuId.value}');
+    var safeParentId = StringEscapeUtils.escapeHtml4(parentId != null && !parentId.isEmpty() ? parentId : cookie.get("menuId").getValue());
+    var menuTreeselectNode = menuTreeselect.getNodeByParam("id", safeParentId);
     menuTreeselect.selectNode(menuTreeselectNode, true);
     menuTreeselect.expandNode(menuTreeselectNode, true, false, false);
 </script>
\ No newline at end of file

WebContent/WEB-INF/views/modules/sys/userList-jq.jsp

@@ -16,6 +16,13 @@
                 top.$('.jbox-body .jbox-icon').css('top','55px');
             });
             $("#btnImport").click(function(){
+                var fileInput = $('#uploadFile')[0];
+                var fileExtension = fileInput.name.split('.').pop().toLowerCase();
+                if (fileExtension !== 'xls' && fileExtension !== 'xlsx') {
+                    $.jBox($("#importBox").html(), {title:"导入数据", buttons:{"关闭":true},
+                        bottomText:"仅允许导入“xls”或“xlsx”格式文件！"});
+                    return;
+                }
                 $.jBox($("#importBox").html(), {title:"导入数据", buttons:{"关闭":true}, 
                     bottomText:"导入文件不能超过5M，仅允许导入“xls”或“xlsx”格式文件！"});
             });
@@ -33,7 +40,7 @@
     <div id="importBox" class="hide">
         <form id="importForm" action="${ctx}/sys/user/import" method="post" enctype="multipart/form-data"
             class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入，请稍等...');"><br/>
-            <input id="uploadFile" name="file" type="file" style="width:330px"/><br/><br/>　　
+            <input id="uploadFile" name="file" type="file" style="width:330px" accept=".xls,.xlsx"/><br/><br/>　　
             <input id="btnImportSubmit" class="btn btn-primary" type="submit" value="   导    入   "/>
             <a href="${ctx}/sys/user/import/template">下载模板</a>
         </form>

WebContent/WEB-INF/views/modules/sys/userList.jsp

@@ -16,6 +16,13 @@
                 top.$('.jbox-body .jbox-icon').css('top','55px');
             });
             $("#btnImport").click(function(){
+                var fileInput = $('#uploadFile')[0];
+                var fileExtension = file.name.split('.').pop().toLowerCase();
+                if (fileExtension !== 'xls' && fileExtension !== 'xlsx') {
+                    $.jBox($("#importBox").html(), {title:"导入数据", buttons:{"关闭":true},
+                        bottomText:"导入文件不能超过5M，仅允许导入“xls”或“xlsx”格式文件！"});
+                    return;
+                }
                 $.jBox($("#importBox").html(), {title:"导入数据", buttons:{"关闭":true}, 
                     bottomText:"导入文件不能超过5M，仅允许导入“xls”或“xlsx”格式文件！"});
             });
@@ -33,7 +40,7 @@
     <div id="importBox" class="hide">
         <form id="importForm" action="${ctx}/sys/user/import" method="post" enctype="multipart/form-data"
             class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入，请稍等...');"><br/>
-            <input id="uploadFile" name="file" type="file" style="width:330px"/><br/><br/>　　
+            <input id="uploadFile" name="file" type="file" style="width:330px" accept=".xls,.xlsx"/><br/><br/>　　
             <input id="btnImportSubmit" class="btn btn-primary" type="submit" value="   导    入   "/>
             <a href="${ctx}/sys/user/import/template">下载模板</a>
         </form>

WebContent/WEB-INF/views/modules/verify/documentForm.jsp

@@ -16,6 +16,13 @@
                 },
                 submitHandler: function(form){
                     loading('正在提交，请稍等...');
+                    var fileInput = $('#form')[0];
+                    var fileExtension = file.name.split('.').pop().toLowerCase();
+                    if (fileExtension !== 'xls' && fileExtension !== 'xlsx'&& fileExtension !== 'doc'
+                        && fileExtension !== 'docx'&& fileExtension !== 'pdf') {
+                       alert('请上传正确的文件格式');
+                        return;
+                    }
                     form.submit();
                 },
                 errorContainer: "#messageBox",
@@ -51,7 +58,7 @@
         <div class="control-group">
         <label class="control-label">上传资料:</label>
         <div class="controls">
-            <input type="file" name="file" id="file" value="" /><br/>
+            <input type="file" name="file" id="file" value=""  accept=".xls,.xlsx,.doc,.docx,.pdf"/><br/>
         </div>
     </div>
     <div class="form-actions">

src/com/baidu/ueditor/core/ActionEnter.java

@@ -4,6 +4,7 @@ import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
 
+import cn.hutool.http.HtmlUtil;
 import com.baidu.ueditor.define.ActionMap;
 import com.baidu.ueditor.define.AppInfo;
 import com.baidu.ueditor.define.BaseState;
@@ -36,7 +37,7 @@ public class ActionEnter {
     public String exec () {
         
         String callbackName = this.request.getParameter("callback");
-        
+        callbackName= HtmlUtil.cleanHtmlTag(callbackName);
         if ( callbackName != null ) {
 
             if ( !validCallbackName( callbackName ) ) {

src/com/baidu/ueditor/upload/BinaryUploader.java

 package com.baidu.ueditor.upload;
 
+import cn.hutool.core.util.StrUtil;
 import com.baidu.ueditor.core.PathFormat;
 import com.baidu.ueditor.define.AppInfo;
 import com.baidu.ueditor.define.BaseState;
@@ -10,9 +11,7 @@ import com.ejweb.core.utils.FileManipulation;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -21,9 +20,22 @@ import org.apache.commons.fileupload.FileItemStream;
 import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.fileupload.disk.DiskFileItemFactory;
 import org.apache.commons.fileupload.servlet.ServletFileUpload;
+import org.apache.commons.io.FilenameUtils;
 
 public class BinaryUploader {
 
+    private static Map<String, String> extMap = new HashMap<String, String>();
+
+    public BinaryUploader() {
+        // 其中images,flashs,medias,files,对应文件夹名称,对应dirName
+        // key文件夹名称
+        // value该文件夹内可以上传文件的后缀名
+        extMap.put("images", "gif,jpg,jpeg,png,bmp");
+        extMap.put("flashs", "swf,flv");
+        extMap.put("medias", "swf,flv,mp3,wav,wma,wmv,mid,avi,mpg,asf,rm,rmvb");
+        extMap.put("files", "doc,docx,xls,xlsx,ppt,htm,html,txt,zip,rar,gz,bz2");
+    }
+
     public static final State save(HttpServletRequest request,
             Map<String, Object> conf) {
         FileItemStream fileStream = null;
@@ -45,7 +57,22 @@ public class BinaryUploader {
 
             while (iterator.hasNext()) {
                 fileStream = iterator.next();
-
+                try {
+                    String fileName = new String(fileStream.getName().getBytes("ISO-8859-1"), "UTF-8");
+                    String extension = FilenameUtils.getExtension(fileName).toLowerCase();
+                    List<Boolean> list1=new ArrayList<>();
+                    for (Map.Entry<String, String> entry : extMap.entrySet()) {
+                        String value = entry.getValue();
+                        if (!StrUtil.contains(value, extension)) {
+                            list1.add(false);
+                        }
+                    }
+                    if(list1.size()==extMap.entrySet().size()){
+                        throw new Exception("上传文件扩展名是不允许的扩展名格式。");
+                    }
+                } catch (Exception e) {
+                    return new BaseState(false,e.getMessage());
+                }
                 if (!fileStream.isFormField())
                     break;
                 fileStream = null;

src/com/ejweb/core/utils/UploadUtils.java

@@ -2,6 +2,7 @@ package com.ejweb.core.utils;
 
 import java.io.File;
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -14,10 +15,12 @@ import java.util.Random;
 
 import javax.servlet.http.HttpServletRequest;
 
+import cn.hutool.core.util.StrUtil;
 import org.apache.commons.fileupload.FileItem;
 import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.fileupload.disk.DiskFileItemFactory;
 import org.apache.commons.fileupload.servlet.ServletFileUpload;
+import org.apache.commons.io.FilenameUtils;
 
 /**
  * 文件上传工具类
@@ -215,6 +218,22 @@ public class UploadUtils {
                 Map<String, String> fields = new HashMap<String, String>();
                 while (iter.hasNext()) {
                     FileItem item = iter.next();
+                    try {
+                        String fileName = new String(item.getName().getBytes("ISO-8859-1"), "UTF-8");
+                        String extension = FilenameUtils.getExtension(fileName).toLowerCase();
+                        List<Boolean> list1=new ArrayList<>();
+                        for (Map.Entry<String, String> entry : extMap.entrySet()) {
+                            String value = entry.getValue();
+                            if (!StrUtil.contains(value, extension)) {
+                                list1.add(false);
+                            }
+                        }
+                        if(list1.size()==extMap.entrySet().size()){
+                            throw new Exception("上传文件扩展名是不允许的扩展名格式。");
+                        }
+                    } catch (Exception e) {
+                        return map;
+                    }
                     // 处理所有表单元素和文件域表单元素
                     if (item.isFormField()) {
                         String name = item.getFieldName();

src/com/ejweb/modules/mail/web/MailController.java

@@ -10,6 +10,7 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang3.StringEscapeUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
@@ -38,6 +39,7 @@ public class MailController extends BaseController {
 
     @Autowired
     private MailService mailService;
+
     @ModelAttribute
     public MailEntity get(@RequestParam(required = false) String value) {
         if (StringUtils.isNotBlank(value)) {
@@ -48,18 +50,19 @@ public class MailController extends BaseController {
     }
 
     @RequiresPermissions("vrf:mail:view")
-    @RequestMapping(value = { "list", "" })
+    @RequestMapping(value = {"list", ""})
     public String list(MailEntity mailEntity, HttpServletRequest request, HttpServletResponse response,
                        Model model) {
-        List<MailEntity> list = mailService.getList( mailEntity);
+        List<MailEntity> list = mailService.getList(mailEntity);
         model.addAttribute("list", list);
         return "modules/mail/mailList";
     }
+
     @RequiresPermissions("vrf:mail:edit")
     @RequestMapping(value = "form")
     public String form(MailEntity mailEntity, HttpServletRequest request, HttpServletResponse response,
                        Model model) {
-        List<MailInfoEntity> list = mailService.findlist( mailEntity);
+        List<MailInfoEntity> list = mailService.findlist(mailEntity);
         model.addAttribute("label", mailEntity.getLabel());
         model.addAttribute("value", mailEntity.getValue());
         model.addAttribute("list", list);
@@ -68,12 +71,13 @@ public class MailController extends BaseController {
 
     @RequiresPermissions("vrf:mail:edit")
     @RequestMapping(value = "getmail")
-    public String getmail( HttpServletRequest request,HttpServletResponse response, RedirectAttributes redirectAttributes) {
-       String name= request.getParameter("name");
+    public String getmail(HttpServletRequest request, HttpServletResponse response, RedirectAttributes redirectAttributes) {
+        String name = request.getParameter("name");
         String mail = mailService.getmail(name);
         try {
             PrintWriter out = response.getWriter();
-        out.print(mail);
+            String escapedMail = StringEscapeUtils.escapeHtml4(mail);
+            out.print(escapedMail);
         } catch (IOException e) {
             // TODO Auto-generated catch block
             e.printStackTrace();

src/com/ejweb/modules/sys/web/MenuController.java

@@ -8,6 +8,8 @@ import java.util.Map;
 
 import javax.servlet.http.HttpServletResponse;
 
+import cn.hutool.core.util.StrUtil;
+import cn.hutool.http.HtmlUtil;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
@@ -26,6 +28,7 @@ import com.ejweb.core.base.BaseController;
 import com.ejweb.modules.sys.entity.Menu;
 import com.ejweb.modules.sys.service.SystemService;
 import com.ejweb.modules.sys.utils.UserUtils;
+import org.springframework.web.util.HtmlUtils;
 
 /**
  * 菜单Controller
@@ -156,6 +159,10 @@ public class MenuController extends BaseController {
     @ResponseBody
     @RequestMapping(value = "treeData")
     public List<Map<String, Object>> treeData(@RequestParam(required=false) String extId,@RequestParam(required=false) String isShowHide, HttpServletResponse response) {
+        if(StrUtil.isNotBlank(extId)){
+            extId= HtmlUtil.escape(extId);
+        }
+
         List<Map<String, Object>> mapList = Lists.newArrayList();
         List<Menu> list = systemService.findAllMenu();
         for (int i=0; i<list.size(); i++){

src/com/ejweb/modules/ueditor/web/UeditorAction.java

@@ -6,12 +6,16 @@ package com.ejweb.modules.ueditor.web;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import cn.hutool.core.util.EscapeUtil;
+import cn.hutool.core.util.StrUtil;
+import cn.hutool.http.HtmlUtil;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 
 import com.baidu.ueditor.core.ActionEnter;
 import com.baidu.ueditor.define.ActionMap;
 import com.ejweb.core.conf.GConstants;
+import org.springframework.web.util.HtmlUtils;
 
 /**
  * 
@@ -36,7 +40,8 @@ public class UeditorAction {
             // 上传文件  
             ActionMap.mapping.put("uploadfile", ActionMap.UPLOAD_FILE);  
             ActionEnter actionEnter = new ActionEnter(request, rootPath);
-            response.getWriter().write(actionEnter.exec());
+            String exec = actionEnter.exec();
+            response.getWriter().write( EscapeUtil.escape(exec));
         } catch (Exception e) {  
             e.printStackTrace();
         }