package cn.gtmap.realestate.supervise.utils;

import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.axiom.om.OMConstants;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:WEB-INF/lib/realestate-supervise-common-1.0.0-SNAPSHOT.jar:cn/gtmap/realestate/supervise/utils/XssAndSqlHttpServletRequestWrapper.class */
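/**
 * Request wrapper that filters request parameters and String attributes before
 * application code reads them.
 *
 * <p>Two different filters are in use: {@link #getParameter(String)},
 * {@link #getParameterValues(String)} and {@link #getAttribute(String)} delegate to
 * {@code XssFilterUtil.stripXss}, while {@link #getParameterMap()} uses the local
 * {@link #xssEncode(String)}. The same parameter can therefore come back in a different
 * form depending on which accessor the caller uses.
 *
 * <p>Scope: this class overrides only the four accessors above. Headers, cookies, the
 * query string, the request body/input stream and multipart parts are returned by the
 * wrapped request unchanged. Nothing in this class inspects values for SQL syntax, so
 * despite the class name it does not replace parameterized queries (whether
 * {@code XssFilterUtil.stripXss} does any SQL filtering is not visible here). Input
 * filtering of this kind is defence in depth; context-aware output encoding at render
 * time is still required.
 */
public class XssAndSqlHttpServletRequestWrapper extends HttpServletRequestWrapper {

    /**
     * Wraps the given request.
     *
     * @param httpServletRequest the request whose parameters and attributes are filtered
     */
    public XssAndSqlHttpServletRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
    }

    /**
     * Returns every value of the named parameter, each passed through {@link #clearXss}.
     *
     * @param str the parameter name
     * @return a new array of filtered values, or {@code null} if the parameter is absent
     */
    @Override
    public String[] getParameterValues(String str) {
        String[] rawValues = super.getParameterValues(str);
        if (rawValues == null) {
            return null;
        }
        String[] cleaned = new String[rawValues.length];
        for (int i = 0; i < rawValues.length; i++) {
            cleaned[i] = clearXss(rawValues[i]);
        }
        return cleaned;
    }

    /**
     * Returns the named parameter passed through {@link #clearXss}.
     *
     * @param str the parameter name
     * @return the filtered value, or {@code null} if the parameter is absent
     */
    @Override
    public String getParameter(String str) {
        String rawValue = super.getParameter(str);
        return rawValue == null ? null : clearXss(rawValue);
    }

    /**
     * Returns a copy of the parameter map with keys and values passed through
     * {@link #xssEncode(String)}.
     *
     * <p>NOTE: unlike the servlet contract ({@code String -> String[]}), the values of the
     * returned map are plain {@code String}s; a multi-valued parameter is collapsed into
     * one comma-separated string. That shape is kept because existing callers presumably
     * rely on it. Code that casts the values to {@code String[]} will fail.
     *
     * <p>Fixes over the previous version: multi-valued parameters used to keep only the
     * last value (the accumulator was overwritten instead of appended to) and that value
     * was stored without encoding, so an attacker could bypass the filter by sending the
     * parameter twice. A parameter with no values used to throw
     * {@code StringIndexOutOfBoundsException}; it now maps to the empty string.
     *
     * @return a new mutable map of encoded parameter names to encoded values
     */
    @Override
    @SuppressWarnings("rawtypes")
    public Map getParameterMap() {
        Map<String, String> encoded = new HashMap<String, String>();
        Map<?, ?> source = super.getParameterMap();
        for (Map.Entry<?, ?> entry : source.entrySet()) {
            String key = xssEncode((String) entry.getKey());
            String[] values = (String[]) entry.getValue();
            if (values == null || values.length == 0) {
                encoded.put(key, "");
            } else if (values.length == 1) {
                encoded.put(key, xssEncode(values[0]));
            } else {
                // Encode every value, not just the first: repeated parameters are an
                // easy way to slip a payload past a filter that only checks one of them.
                StringBuilder joined = new StringBuilder();
                for (int i = 0; i < values.length; i++) {
                    if (i > 0) {
                        joined.append(',');
                    }
                    joined.append(xssEncode(values[i]));
                }
                encoded.put(key, joined.toString());
            }
        }
        return encoded;
    }

    /**
     * Returns the named request attribute; String attributes are passed through
     * {@link #clearXss}, all other types are returned as-is.
     *
     * <p>The previous version called the filter but discarded its result, so String
     * attributes were returned unfiltered.
     *
     * @param str the attribute name
     * @return the attribute (filtered when it is a String), or {@code null} if absent
     */
    @Override
    public Object getAttribute(String str) {
        Object attribute = super.getAttribute(str);
        if (attribute instanceof String) {
            return clearXss((String) attribute);
        }
        return attribute;
    }

    /**
     * Delegates non-empty values to {@code XssFilterUtil.stripXss}; {@code null} and
     * empty strings are returned unchanged.
     *
     * NOTE(review): stripXss is defined outside this file; what it strips or encodes
     * should be confirmed there.
     */
    private String clearXss(String str) {
        return StringUtils.isEmpty(str) ? str : XssFilterUtil.stripXss(str, getRequest());
    }

    /**
     * Applies a fixed sequence of regex replacements to a value; {@code null} and empty
     * strings are returned unchanged.
     *
     * <p>Limitations a maintainer should know about:
     * <ul>
     *   <li>{@code &} and {@code "} are not encoded, so the result is not safe to place
     *       inside a double-quoted HTML attribute or a script block without further
     *       output encoding.</li>
     *   <li>The {@code eval(...)} pattern is case-sensitive and greedy: it removes
     *       everything from the first {@code eval(} to the last {@code )} on a line.</li>
     *   <li>The last four patterns all require a literal {@code <}, which has already
     *       been replaced by {@code &lt;} at that point, so they never match. They are
     *       kept to leave the output of this method unchanged.</li>
     * </ul>
     */
    private static String xssEncode(String str) {
        if (str == null || str.isEmpty()) {
            return str;
        }
        return str
                .replaceAll("eval\\((.*)\\)", "")
                // Entity-encode the characters that open/close tags and single-quoted attributes.
                .replaceAll("<", "&lt;")
                .replaceAll(">", "&gt;")
                .replaceAll("'", "&apos;")
                // Replacement is a library constant, presumably the empty string substituted
                // by the decompiler for a "" literal; confirm before relying on it.
                .replaceAll("[\\\"\\'][\\s]*javascript:(.*)[\\\"\\']", OMConstants.DEFAULT_DEFAULT_NAMESPACE)
                // Unreachable in practice: no '<' survives the encoding above.
                .replaceAll("(?i)<script.*?>.*?<script.*?>", "")
                .replaceAll("(?i)<script.*?>.*?</script.*?>", "")
                .replaceAll("(?i)<.*?javascript:.*?>.*?</.*?>", "")
                .replaceAll("(?i)<.*?\\s+on.*?>.*?</.*?>", "");
    }
}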
