From 231a3ca1d516ddefafa495b655d3ff99c7352808 Mon Sep 17 00:00:00 2001
From: wangwei <wangwei@nismail.iie.ac.cn>
Date: Tue, 28 May 2019 18:04:38 +0800
Subject: [PATCH 1/6] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E6=96=87=E4=BB=B6?=
 =?UTF-8?q?=E7=B1=BB=E5=9E=8B=E6=A0=A1=E9=AA=8C(=E5=8A=AB=E6=8C=81?=
 =?UTF-8?q?=E3=80=81=E6=B3=A8=E5=85=A5=E3=80=81=E9=98=BB=E6=96=AD=E9=A1=B5?=
 =?UTF-8?q?=E9=9D=A2=E3=80=81=E6=96=87=E4=BB=B6=E7=AD=96=E7=95=A5)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../views/cfg/proxy/fileHijack/form.jsp       | 37 +++++++++++++++++-
 .../views/cfg/proxy/fileInsertScript/form.jsp | 39 ++++++++++++++++++-
 .../views/cfg/proxy/fileResponsePage/form.jsp | 38 +++++++++++++++++-
 .../views/cfg/proxy/fileStrategy/form.jsp     | 38 +++++++++++++++++-
 4 files changed, 148 insertions(+), 4 deletions(-)

diff --git a/src/main/webapp/WEB-INF/views/cfg/proxy/fileHijack/form.jsp b/src/main/webapp/WEB-INF/views/cfg/proxy/fileHijack/form.jsp
index cec8c79aa..69404a6c1 100644
--- a/src/main/webapp/WEB-INF/views/cfg/proxy/fileHijack/form.jsp
+++ b/src/main/webapp/WEB-INF/views/cfg/proxy/fileHijack/form.jsp
@@ -12,10 +12,19 @@
 		
 		$("#cfgFile").on('change',function(){
 			$("#urlInfo").val($("#cfgFile").val());
-		});
+			cfgFileValidate();
+		});		
 
 		$("#cfgFrom") .validate( {
 			submitHandler : function(form) {
+				
+				var cfgFile = $("#cfgFile").val();				
+				if(cfgFile!=''){
+					if(!cfgFileValidate()){
+						 return false;
+					}
+					
+				}
 				loading('onloading...');
 				form.submit();
 			},
@@ -26,6 +35,32 @@
 		});
 		
 	});
+	
+	function cfgFileValidate(){		
+	    var flag=false;    //状态，检测文件后缀用
+	    	var arr=["exe","apk"];//使用是什么格式的后缀	    
+	    var cFile=$("#cfgFile").val();//文件的值
+	    //取出上传文件的扩展名
+	    var index=cFile.lastIndexOf(".");
+	    var ext = cFile.substr(index+1).toLowerCase();
+	    //循环比较
+	     for(var i=0;i<arr.length;i++)
+	     {
+	          if(ext == arr[i])
+	          {
+	           flag = true; //一旦找到合适的，立即退出循环
+	           break;
+	          }
+	     }
+	    //条件判断
+	     	$("div[for='urlInfo']").empty();
+	     if(!flag){
+	     // ("文件名不合法");
+	        $("div[for='urlInfo']").append("<label id='level-error' class='error'><spring:message code='file_in_wrong_format'/></label>");
+	         return false;
+	     }
+	     return true;
+	}
 </script>
 </head>
 <body>
diff --git a/src/main/webapp/WEB-INF/views/cfg/proxy/fileInsertScript/form.jsp b/src/main/webapp/WEB-INF/views/cfg/proxy/fileInsertScript/form.jsp
index d97ea9ffa..fd25da202 100644
--- a/src/main/webapp/WEB-INF/views/cfg/proxy/fileInsertScript/form.jsp
+++ b/src/main/webapp/WEB-INF/views/cfg/proxy/fileInsertScript/form.jsp
@@ -12,10 +12,22 @@
 
 		$("#cfgFile").on('change',function(){
 			$("#urlInfo").val($("#cfgFile").val());
+			cfgFileValidate();
+		});
+		$("#format").on('change',function(){			
+			cfgFileValidate();
 		});
 
 		$("#cfgFrom") .validate( {
 			submitHandler : function(form) {
+				
+				var cfgFile = $("#cfgFile").val();				
+				if(cfgFile!=''){
+					if(!cfgFileValidate()){
+						 return false;
+					}
+					
+				}
 				loading('onloading...');
 				form.submit();
 			},
@@ -26,6 +38,31 @@
 		});
 		
 	});
+	function cfgFileValidate(){		
+	    var flag=false;    //状态，检测文件后缀用
+	    	var arr=["js","css"];//使用是什么格式的后缀	    
+	    var cFile=$("#cfgFile").val();//文件的值
+	    //取出上传文件的扩展名
+	    var index=cFile.lastIndexOf(".");
+	    var ext = cFile.substr(index+1).toLowerCase();
+	    //循环比较
+	     for(var i=0;i<arr.length;i++)
+	     {	
+	          if(ext == arr[i] && (ext == $("#format").val() || $("#format").val() ==""))
+	          {
+	           flag = true; //一旦找到合适的，立即退出循环
+	           break;
+	          }
+	     }
+	    //条件判断
+	     	$("div[for='urlInfo']").empty();
+	     if(!flag){
+	     // ("文件名不合法");
+	        $("div[for='urlInfo']").append("<label id='level-error' class='error'><spring:message code='file_in_wrong_format'/></label>");
+	         return false;
+	     }
+	     return true;
+	}
 </script>
 </head>
 <body>
@@ -150,7 +187,7 @@
 												<font color="red">*</font><spring:message code="format" />
 											</label>
 											<div class="col-md-6">
-												<select name="format" data-live-search="true" data-live-search-placeholder="search" class="selectpicker form-control required">
+												<select id="format" name="format" data-live-search="true" data-live-search-placeholder="search" class="selectpicker form-control required">
 													<option value=""><spring:message code="select"/></option>
 													<c:forEach items="${fns:getDictList('CONTENT_TYPE_INSERTSCRIPT')}" var="dict">
 														<option value="${dict.itemCode}"  <c:if test="${dict.itemCode==_cfg.format}">selected</c:if>>${dict.itemCode}</option>
diff --git a/src/main/webapp/WEB-INF/views/cfg/proxy/fileResponsePage/form.jsp b/src/main/webapp/WEB-INF/views/cfg/proxy/fileResponsePage/form.jsp
index 520b01717..be056cda7 100644
--- a/src/main/webapp/WEB-INF/views/cfg/proxy/fileResponsePage/form.jsp
+++ b/src/main/webapp/WEB-INF/views/cfg/proxy/fileResponsePage/form.jsp
@@ -12,10 +12,21 @@
 		
 		$("#cfgFile").on('change',function(){
 			$("#urlInfo").val($("#cfgFile").val());
+			cfgFileValidate();
+		});
+		$("#contentType").on('change',function(){			
+			cfgFileValidate();
 		});
-
 		$("#cfgFrom") .validate( {
 			submitHandler : function(form) {
+				
+				var cfgFile = $("#cfgFile").val();				
+				if(cfgFile!=''){
+					if(!cfgFileValidate()){
+						 return false;
+					}
+					
+				}
 				loading('onloading...');
 				form.submit();
 			},
@@ -26,6 +37,31 @@
 		});
 		
 	});
+	function cfgFileValidate(){		
+	    var flag=false;    //状态，检测文件后缀用
+	    	var arr=["template","html"];//使用是什么格式的后缀   
+	    var cFile=$("#cfgFile").val();//文件的值
+	    //取出上传文件的扩展名
+	    var index=cFile.lastIndexOf(".");
+	    var ext = cFile.substr(index+1).toLowerCase();
+	    //循环比较
+	     for(var i=0;i<arr.length;i++)
+	     {
+	          if(ext == arr[i] && (ext == $("#contentType").val() || $("#contentType").val() ==""))
+	          {
+	           flag = true; //一旦找到合适的，立即退出循环
+	           break;
+	          }
+	     }
+	    //条件判断
+	     	$("div[for='urlInfo']").empty();
+	     if(!flag){
+	     // ("文件名不合法");
+	        $("div[for='urlInfo']").append("<label id='level-error' class='error'><spring:message code='file_in_wrong_format'/></label>");
+	         return false;
+	     }
+	     return true;
+	}
 </script>
 </head>
 <body>
diff --git a/src/main/webapp/WEB-INF/views/cfg/proxy/fileStrategy/form.jsp b/src/main/webapp/WEB-INF/views/cfg/proxy/fileStrategy/form.jsp
index a4353d080..12e1311d3 100644
--- a/src/main/webapp/WEB-INF/views/cfg/proxy/fileStrategy/form.jsp
+++ b/src/main/webapp/WEB-INF/views/cfg/proxy/fileStrategy/form.jsp
@@ -12,10 +12,21 @@
 		
 		$("#cfgFile").on('change',function(){
 			$("#urlInfo").val($("#cfgFile").val());
+			cfgFileValidate();
+		});
+		$("#contentType").on('change',function(){			
+			cfgFileValidate();
 		});
-
 		$("#cfgFrom") .validate( {
 			submitHandler : function(form) {
+				
+				var cfgFile = $("#cfgFile").val();				
+				if(cfgFile!=''){
+					if(!cfgFileValidate()){
+						 return false;
+					}
+					
+				}
 				loading('onloading...');
 				form.submit();
 			},
@@ -26,6 +37,31 @@
 		});
 		
 	});
+	function cfgFileValidate(){		
+	    var flag=false;    //状态，检测文件后缀用
+	    	var arr=["template","html"];//使用是什么格式的后缀    
+	    var cFile=$("#cfgFile").val();//文件的值
+	    //取出上传文件的扩展名
+	    var index=cFile.lastIndexOf(".");
+	    var ext = cFile.substr(index+1).toLowerCase();
+	    //循环比较
+	     for(var i=0;i<arr.length;i++)
+	     {
+	          if(ext == arr[i] (ext == $("#contentType").val() || $("#contentType").val() ==""))
+	          {
+	           flag = true; //一旦找到合适的，立即退出循环
+	           break;
+	          }
+	     }
+	    //条件判断
+	     	$("div[for='urlInfo']").empty();
+	     if(!flag){
+	     // ("文件名不合法");
+	        $("div[for='urlInfo']").append("<label id='level-error' class='error'><spring:message code='file_in_wrong_format'/></label>");
+	         return false;
+	     }
+	     return true;
+	}
 </script>
 </head>
 <body>

From 935f70fa4f981539ca3751baacfe89a7fcdbd292 Mon Sep 17 00:00:00 2001
From: zhangwenqing <zhangwenqing@zdjizhi.com>
Date: Tue, 28 May 2019 18:19:26 +0800
Subject: [PATCH 2/6] =?UTF-8?q?=E4=BF=AE=E6=94=B9Proxy=E9=98=BB=E6=96=AD?=
 =?UTF-8?q?=E9=85=8D=E7=BD=AE=E5=AE=9A=E6=97=B6=E4=BB=BB=E5=8A=A1=E5=92=8C?=
 =?UTF-8?q?=E6=89=B9=E9=87=8F=E4=B8=8B=E5=8F=91=E7=9A=84userRegion?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/main/java/com/nis/util/SchedulerTaskUtil.java    | 11 +++++++++++
 .../configuration/ConfigSynchronizationService.java  | 12 ++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/src/main/java/com/nis/util/SchedulerTaskUtil.java b/src/main/java/com/nis/util/SchedulerTaskUtil.java
index 317b85ffa..fd465a32e 100644
--- a/src/main/java/com/nis/util/SchedulerTaskUtil.java
+++ b/src/main/java/com/nis/util/SchedulerTaskUtil.java
@@ -8,6 +8,7 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import org.apache.commons.lang3.StringEscapeUtils;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.UsernamePasswordToken;
 import org.apache.shiro.config.IniSecurityManagerFactory;
@@ -39,6 +40,7 @@ import com.nis.domain.configuration.PxyObjSpoofingIpPool;
 import com.nis.domain.configuration.PxyObjTrustedCaCert;
 import com.nis.domain.configuration.PxyObjTrustedCaCrl;
 import com.nis.domain.maat.MaatCfg;
+import com.nis.domain.maat.ManipulatActionParam;
 import com.nis.domain.maat.ToMaatBean;
 import com.nis.domain.maat.ToMaatResult;
 import com.nis.domain.maat.ToUpdateMaatBeanStatus;
@@ -238,6 +240,15 @@ public class SchedulerTaskUtil {
 										userRegion = userRegion.substring(0, userRegion.length()-1);
 									}
 								}
+								// Proxy Block --xml无法描述的user_region
+								if(entity.getServiceId().equals(576)) {
+									ManipulatActionParam actionParam = new ManipulatActionParam();
+									actionParam.setMethod("block");
+									actionParam.setCode(Integer.valueOf(cfg.getUserRegion1()));
+									actionParam.setMessage(!StringUtil.isBlank(cfg.getUserRegion2()) ? cfg.getUserRegion2():"");
+									actionParam.setHtml_profile(Integer.valueOf(!StringUtil.isBlank(cfg.getUserRegion3()) ? cfg.getUserRegion3():"0"));
+									userRegion = StringEscapeUtils.unescapeJson(BaseService.gsonToJson(actionParam));
+								}
 								
 								// Proxy Manipulate
 								if(entity.getServiceId().equals(656)) {
diff --git a/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java b/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java
index 7c7321aae..f556e24cb 100644
--- a/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java
+++ b/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java
@@ -12,6 +12,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import net.sf.json.JSONObject;
 
+import org.apache.commons.lang3.StringEscapeUtils;
 import org.apache.poi.ss.formula.functions.T;
 import org.dom4j.Node;
 import org.springframework.beans.BeanUtils;
@@ -55,6 +56,7 @@ import com.nis.domain.maat.MaatCfg.GroupCfg;
 import com.nis.domain.maat.MaatCfg.IpCfg;
 import com.nis.domain.maat.MaatCfg.NumBoundaryCfg;
 import com.nis.domain.maat.MaatCfg.StringCfg;
+import com.nis.domain.maat.ManipulatActionParam;
 import com.nis.domain.specific.ConfigGroupInfo;
 import com.nis.domain.specific.SpecificServiceCfg;
 import com.nis.util.ConfigServiceUtil;
@@ -461,6 +463,16 @@ public class ConfigSynchronizationService  extends BaseService{
 					userRegion = userRegion.substring(0, userRegion.length()-1);
 				}
 			}
+			// Proxy Block --xml无法描述的user_region
+			if(entity.getServiceId().equals(576)) {
+				ManipulatActionParam actionParam = new ManipulatActionParam();
+				actionParam.setMethod("block");
+				actionParam.setCode(Integer.valueOf(cfg.getUserRegion1()));
+				actionParam.setMessage(!StringUtil.isBlank(cfg.getUserRegion2()) ? cfg.getUserRegion2():"");
+				actionParam.setHtml_profile(Integer.valueOf(!StringUtil.isBlank(cfg.getUserRegion3()) ? cfg.getUserRegion3():"0"));
+				userRegion = StringEscapeUtils.unescapeJson(gsonToJson(actionParam));
+			}
+						
 			// Proxy Manipulation
 			if(entity.getServiceId().equals(656)) {
 				userRegion = BaseService.setUserRegionOfMantipulateCfg(cfg, userRegion);

From 613ef99e67de3c3eb66e72b9a414ddef530000be Mon Sep 17 00:00:00 2001
From: wangwei <wangwei@nismail.iie.ac.cn>
Date: Tue, 28 May 2019 18:31:18 +0800
Subject: [PATCH 3/6] =?UTF-8?q?=E9=98=BB=E6=96=AD=E9=A1=B5=E9=9D=A2?=
 =?UTF-8?q?=E4=B8=AD=E5=A2=9E=E5=8A=A0id=E5=B1=9E=E6=80=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../webapp/WEB-INF/views/cfg/proxy/fileResponsePage/form.jsp    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/webapp/WEB-INF/views/cfg/proxy/fileResponsePage/form.jsp b/src/main/webapp/WEB-INF/views/cfg/proxy/fileResponsePage/form.jsp
index be056cda7..358974b8f 100644
--- a/src/main/webapp/WEB-INF/views/cfg/proxy/fileResponsePage/form.jsp
+++ b/src/main/webapp/WEB-INF/views/cfg/proxy/fileResponsePage/form.jsp
@@ -187,7 +187,7 @@
 												<font color="red">*</font><spring:message code="content_type" />
 											</label>
 											<div class="col-md-6">
-												<select name="contentType" data-live-search="true" data-live-search-placeholder="search" class="selectpicker form-control required">													
+												<select id="contentType" name="contentType" data-live-search="true" data-live-search-placeholder="search" class="selectpicker form-control required">													
 													<option value=""><spring:message code="select"/></option>
 													<c:forEach items="${fns:getDictList('CONTENT_TYPE_FILESTRATEGY')}" var="dict">
 														<option value="${dict.itemCode}"  <c:if test="${dict.itemCode==_cfg.contentType}">selected</c:if>>${dict.itemCode}</option>

From 8770f98ea17057cc1bb552bb61a59e57a5f11d7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E7=9A=93=E5=AE=B8?= <liguilong@iie.ac.cn>
Date: Tue, 28 May 2019 20:07:50 +0800
Subject: [PATCH 4/6] =?UTF-8?q?=E7=95=8C=E9=9D=A2=E5=B5=8C=E5=85=A5?=
 =?UTF-8?q?=E5=A4=96=E9=83=A8URL=20cookie=E4=BC=A0=E9=80=92=20(test)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/main/webapp/WEB-INF/include/left_menu.jsp | 15 ---------------
 src/main/webapp/WEB-INF/views/home.jsp        | 13 ++++++++++---
 2 files changed, 10 insertions(+), 18 deletions(-)

diff --git a/src/main/webapp/WEB-INF/include/left_menu.jsp b/src/main/webapp/WEB-INF/include/left_menu.jsp
index 6618d55aa..dc8b4f84d 100644
--- a/src/main/webapp/WEB-INF/include/left_menu.jsp
+++ b/src/main/webapp/WEB-INF/include/left_menu.jsp
@@ -17,12 +17,7 @@
 			     				
 			     				<a class="nav-link nav-toggle"		     					
 			     					<c:if test="${secondMenu.href != null && secondMenu.href != ''}" var="secondHref">
-			     						<c:if test="${fn:startsWith(secondMenu.href,'http')}" var="secondFlag">
-				     						 href="javascript:;" onclick="page_turn('${secondMenu.id }','${secondMenu.functionId }','1','','${secondMenu.href }',this)" target="mainFrame" >
-			     						</c:if>
-			     						<c:if test="${!secondFlag}">
 				     						 href="javascript:;" onclick="page_turn('${secondMenu.id }','${secondMenu.functionId }','1','','${ctx}${secondMenu.href }',this)" target="mainFrame" >
-			     						</c:if>
 			     					</c:if>
 			     					<c:if test="${!secondHref }">
 			     						 href="javascript:;" class="nav-link nav-toggle"> 
@@ -47,12 +42,7 @@
 									
 								     				<a class="nav-link nav-toggle"		     					
 								     					<c:if test="${thirdMenu.href != null && thirdMenu.href != ''}" var="thirdHref">
-								     						<c:if test="${fn:startsWith(thirdMenu.href,'http')}" var="thirdFlag">
-									     						 href="javascript:;" onclick="page_turn('${thirdMenu.id }','${thirdMenu.functionId }','2','','${thirdMenu.href }',this)" target="mainFrame" >
-								     						</c:if>
-								     						<c:if test="${!thirdFlag}">
 									     						 href="javascript:;" onclick="page_turn('${thirdMenu.id }','${thirdMenu.functionId }','2','','${ctx}${thirdMenu.href }',this)" target="mainFrame" >
-								     						</c:if>
 								     						 
 								     					</c:if>
 								     					<c:if test="${!thirdHref }">
@@ -72,12 +62,7 @@
 																<c:if test="${fourthMenu.isShow==1}">
 																	<li class="nav-item" id="menu_${fourthMenu.id }" menu-id="${fourthMenu.id }" menu-name="<spring:message code="${fourthMenu.code}"></spring:message>"  >
 																		<a href="javascript:;" 
-																		<c:if test="${fn:startsWith(fourthMenu.href,'http')}" var="fourFlag">
-																			onclick="page_turn('${fourthMenu.id }','${fourthMenu.functionId }','3','','${fourthMenu.href }',this)" target="mainFrame" 
-																		</c:if>
-																		<c:if test="${!fourFlag}">
 																			onclick="page_turn('${fourthMenu.id }','${fourthMenu.functionId }','3','','${ctx}${fourthMenu.href }',this)" target="mainFrame" 
-																		</c:if>
 																		class="nav-link ">
 																			<%-- ${fourthMenu.name } --%> <spring:message code="${fourthMenu.code}"></spring:message> 
 																			<!-- <span class="badge badge-danger">1</span> -->
diff --git a/src/main/webapp/WEB-INF/views/home.jsp b/src/main/webapp/WEB-INF/views/home.jsp
index 33cae4719..7188b2546 100644
--- a/src/main/webapp/WEB-INF/views/home.jsp
+++ b/src/main/webapp/WEB-INF/views/home.jsp
@@ -107,6 +107,7 @@ function page_turn(id, functionId,level, name, url,obj){
 	var $header = $(".page-breadcrumb");//添加头部信息
 	$(".page-breadcrumb").empty();
 
+	var lang = "${cookie.Language.value }".toLowerCase();
 	
 	var parent_li = $object.parents("li");
 	var parent_parent_li = $object.parents("li").parents("li");
@@ -150,11 +151,17 @@ function page_turn(id, functionId,level, name, url,obj){
  	//}
     
 	//调入页面
-	if(url.indexOf("?")>0){
-		url = url+"&functionId="+functionId;
+	//进行区分是否为外部URL
+	if (url.split("http").length>1) {
+		url="http"+url.split("http")[url.split("http").length-1]+"?test_cookie="+lang;
 	}else{
-		url = url+"?functionId="+functionId;
+		if(url.indexOf("?")>0){
+			url = url+"&functionId="+functionId;
+		}else{
+			url = url+"?functionId="+functionId;
+		}
 	}
+	
 	window.frames['mainFrame'].location=url;
      
     $("#mainFrame").load(function(){

From c0461322fa627c8a6d73ae2022443933cd4b4f8f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E7=9A=93=E5=AE=B8?= <liguilong@iie.ac.cn>
Date: Wed, 29 May 2019 11:05:28 +0800
Subject: [PATCH 5/6] =?UTF-8?q?=E5=8C=BA=E5=88=86=E6=98=AF=E5=90=A6?=
 =?UTF-8?q?=E4=B8=BA=E5=A4=96=E9=83=A8URL=E6=97=B6=E5=8A=A0=E5=85=A5?=
 =?UTF-8?q?=E4=BA=86=E6=AD=A3=E5=88=99=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/main/webapp/WEB-INF/views/home.jsp | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/main/webapp/WEB-INF/views/home.jsp b/src/main/webapp/WEB-INF/views/home.jsp
index 7188b2546..a391a124f 100644
--- a/src/main/webapp/WEB-INF/views/home.jsp
+++ b/src/main/webapp/WEB-INF/views/home.jsp
@@ -152,7 +152,7 @@ function page_turn(id, functionId,level, name, url,obj){
     
 	//调入页面
 	//进行区分是否为外部URL
-	if (url.split("http").length>1) {
+	if (postComment(url)) {
 		url="http"+url.split("http")[url.split("http").length-1]+"?test_cookie="+lang;
 	}else{
 		if(url.indexOf("?")>0){
@@ -162,6 +162,7 @@ function page_turn(id, functionId,level, name, url,obj){
 		}
 	}
 	
+	
 	window.frames['mainFrame'].location=url;
      
     $("#mainFrame").load(function(){
@@ -169,6 +170,25 @@ function page_turn(id, functionId,level, name, url,obj){
     });
 }
 
+/**
+ * 前台页面验证url网址输入是否正确
+ */
+function postComment(str) {
+ 
+  //验证url网址
+  //判断URL地址的正则表达式为:http(s)?://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)?
+  //下面的代码中应用了转义字符"\"输出一个字符"/"
+  var Expression=/http(s)?:\/\/([\w-]+\.)+[\w-]+(\/[\w- .\/?%&=]*)?/;
+  var objExp=new RegExp(Expression);
+ 
+  if(objExp.test(str) != true){
+   return false;
+  } else {
+   return true;
+    }
+}
+
+
 
 function searchMenu() {
 	

From 1ef6002c57771115d742e5f73a12b8a0f7a0545c Mon Sep 17 00:00:00 2001
From: wangwei <wangwei@nismail.iie.ac.cn>
Date: Wed, 29 May 2019 11:30:03 +0800
Subject: [PATCH 6/6] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E5=9B=BD=E9=99=85?=
 =?UTF-8?q?=E5=8C=96=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/main/resources/messages/message_en.properties    | 1 +
 src/main/resources/messages/message_ru.properties    | 1 +
 src/main/resources/messages/message_zh_CN.properties | 3 ++-
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/main/resources/messages/message_en.properties b/src/main/resources/messages/message_en.properties
index 09a9729d0..03cc93c14 100644
--- a/src/main/resources/messages/message_en.properties
+++ b/src/main/resources/messages/message_en.properties
@@ -1557,6 +1557,7 @@ cert_verify_fail_method=Fail Method
 ssl_ver_min=Min SSL Version
 ssl_ver_max=Max SSL Version
 ssl_ver_mirror_client=Mirror Client
+ssl_ver_allow_http2= Allow Http2
 decrypt_mirror_enable=Mirror Enable
 decrypt_mirror_mirror_profile=Mirror Profile
 exclusions=Exclusions
diff --git a/src/main/resources/messages/message_ru.properties b/src/main/resources/messages/message_ru.properties
index 7f9a0e67a..844431d51 100644
--- a/src/main/resources/messages/message_ru.properties
+++ b/src/main/resources/messages/message_ru.properties
@@ -1559,6 +1559,7 @@ cert_verify_fail_method=Fail Method
 ssl_ver_min=Min SSL Version
 ssl_ver_max=Max SSL Version
 ssl_ver_mirror_client=Mirror Client
+ssl_ver_allow_http2= Allow Http2
 decrypt_mirror_enable=Mirror Enable
 decrypt_mirror_mirror_profile=Mirror Profile
 exclusions=Exclusions
diff --git a/src/main/resources/messages/message_zh_CN.properties b/src/main/resources/messages/message_zh_CN.properties
index 42a816104..13d2bd51b 100644
--- a/src/main/resources/messages/message_zh_CN.properties
+++ b/src/main/resources/messages/message_zh_CN.properties
@@ -1557,6 +1557,7 @@ cert_verify_fail_method=\u5931\u8D25\u65B9\u6CD5
 ssl_ver_min=\u6700\u5C0FSSL\u7248\u672C
 ssl_ver_max=\u6700\u5927SSL\u7248\u672C
 ssl_ver_mirror_client=\u955C\u50CF\u5BA2\u6237\u7AEF
+ssl_ver_allow_http2= \u5141\u8BB8 Http2
 decrypt_mirror_enable=\u542F\u7528\u955C\u50CF
 decrypt_mirror_mirror_profile=\u955C\u50CF\u6982\u8981
 exclusions=\u6392\u9664
@@ -1571,7 +1572,7 @@ approach=\u63A5\u8FD1
 cert_verify=\u8BC1\u4E66\u9A8C\u8BC1
 ssl_version=SSL\u7248\u672C
 mirror_client=\u955C\u50CF\u5BA2\u6237\u7AEF
-allow_http2=Allow Http2
+allow_http2=\u5141\u8BB8 Http2
 min=\u6700\u5C0F
 max=\u6700\u5927
 decrypt_mirror=\u89E3\u5BC6\u955C\u50CF