From e22af215dc9274b535747947b0f61acc70108f7e Mon Sep 17 00:00:00 2001 From: "yadong.zhang" Date: Fri, 21 Jun 2019 13:39:52 +0800 Subject: [PATCH] =?UTF-8?q?:bug:=20=E4=BC=98=E5=8C=96=E5=89=8D=E5=8F=B0?= =?UTF-8?q?=E5=8F=91=E5=B8=83=E8=AF=84=E8=AE=BA=E7=9A=84=E4=BB=A3=E7=A0=81?= =?UTF-8?q?=EF=BC=8C=E8=A7=A3=E5=86=B3iphone=E7=AB=AF=E5=8F=B3=E4=B8=8A?= =?UTF-8?q?=E8=A7=92=E8=8F=9C=E5=8D=95=E6=97=A0=E6=B3=95=E7=82=B9=E5=87=BA?= =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98=EF=BC=88=E6=84=9F=E8=B0=A2lzhpo?= =?UTF-8?q?=E5=90=8C=E5=AD=A6=EF=BC=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../blog/controller/RestApiController.java | 6 ---- .../zyd/blog/core/config/WebMvcConfig.java | 2 +- .../service/impl/BizCommentServiceImpl.java | 36 +++++++++++++------ .../resources/templates/layout/header.ftl | 4 +-- 4 files changed, 28 insertions(+), 20 deletions(-) diff --git a/blog-admin/src/main/java/com/zyd/blog/controller/RestApiController.java b/blog-admin/src/main/java/com/zyd/blog/controller/RestApiController.java index 3f748ee..b7fda08 100644 --- a/blog-admin/src/main/java/com/zyd/blog/controller/RestApiController.java +++ b/blog-admin/src/main/java/com/zyd/blog/controller/RestApiController.java @@ -2,8 +2,6 @@ package com.zyd.blog.controller; import com.zyd.blog.business.annotation.BussinessLog; import com.zyd.blog.business.enums.FileUploadType; -import com.zyd.blog.business.service.BizArticleService; -import com.zyd.blog.business.service.SysConfigService; import com.zyd.blog.core.websocket.server.ZydWebsocketServer; import com.zyd.blog.core.websocket.util.WebSocketUtil; import com.zyd.blog.file.FileUploader; @@ -36,10 +34,6 @@ import java.util.Map; @RequestMapping("/api") public class RestApiController { - @Autowired - private BizArticleService articleService; - @Autowired - private SysConfigService configService; @Autowired private ZydWebsocketServer websocketServer; 
diff --git a/blog-admin/src/main/java/com/zyd/blog/core/config/WebMvcConfig.java b/blog-admin/src/main/java/com/zyd/blog/core/config/WebMvcConfig.java
index e1d9a79..2dbe946 100644
--- a/blog-admin/src/main/java/com/zyd/blog/core/config/WebMvcConfig.java
+++ b/blog-admin/src/main/java/com/zyd/blog/core/config/WebMvcConfig.java
@@ -22,7 +22,7 @@ public class WebMvcConfig implements WebMvcConfigurer {
 @Override
 public void addInterceptors(InterceptorRegistry registry) {
 registry.addInterceptor(rememberAuthenticationInterceptor)
- .excludePathPatterns("/passport/**", "/error/**", "/assets/**", "/getKaptcha/**", "favicon.ico")
+ .excludePathPatterns("/passport/**", "/error/**", "/assets/**", "/getKaptcha/**", "/websocket", "favicon.ico")
 .addPathPatterns("/**");
 }
 }
diff --git a/blog-core/src/main/java/com/zyd/blog/business/service/impl/BizCommentServiceImpl.java b/blog-core/src/main/java/com/zyd/blog/business/service/impl/BizCommentServiceImpl.java
index 851338c..52bbb18 100644
--- a/blog-core/src/main/java/com/zyd/blog/business/service/impl/BizCommentServiceImpl.java
+++ b/blog-core/src/main/java/com/zyd/blog/business/service/impl/BizCommentServiceImpl.java
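Review bot: Adding `/websocket` to `excludePathPatterns` takes the remember-me authentication interceptor off the admin websocket handshake, and nothing in this hunk shows another layer (a Shiro filter chain, if the project uses one) still authenticating that path. If the exclusion only exists so the handshake is not redirected to the login page, state that and confirm the other layer actually covers it, e.g. `// /websocket: the handshake is authenticated by the security filter chain, not by this interceptor`; otherwise the endpoint is now reachable without this interceptor's check. Note that `/websocket` is an exact pattern, unlike the `/**` entries beside it, so a sub-path such as `/websocket/{id}` would still be intercepted — use `/websocket/**` only if that is intended. The commit message does not mention this file, so a line giving the motivation would help the next reader.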
@@ -147,36 +147,50 @@ public class BizCommentServiceImpl implements BizCommentService { @RedisCache(flush = true) public Comment comment(Comment comment) throws ZhydCommentException { SysConfig sysConfig = configService.getByKey(ConfigKeyEnum.ANONYMOUS.getKey()); + boolean anonymous = true; if (null != sysConfig) { - String anonymous = sysConfig.getConfigValue(); - if (!StringUtils.isEmpty(anonymous) && !"1".equals(anonymous) && !SessionUtil.isLogin()) { - throw new ZhydCommentException("站长已关闭匿名评论,请先登录!"); - } + anonymous = Boolean.valueOf(sysConfig.getConfigValue()); + } + + // 非匿名且未登录 + if (!anonymous && !SessionUtil.isLogin()) { + throw new ZhydCommentException("站长已关闭匿名评论,请先登录!"); } + // 过滤文本内容,防止xss this.filterContent(comment); - if (SessionUtil.isLogin()) { + // 已登录且非匿名,使用当前登录用户的信息评论 + if (SessionUtil.isLogin() && !anonymous) { this.setCurrentLoginUserInfo(comment); } else { this.setCurrentAnonymousUserInfo(comment); } - List avatars = configService.getRandomUserAvatar(); - if (StringUtils.isEmpty(comment.getAvatar()) && !CollectionUtils.isEmpty(avatars)) { - Collections.shuffle(avatars); - int randomIndex = new Random().nextInt(avatars.size()); - comment.setAvatar(avatars.get(randomIndex)); + // 用户没有头像时, 使用随机默认的头像 + if (StringUtils.isEmpty(comment.getAvatar())) { + List avatars = configService.getRandomUserAvatar(); + if (!CollectionUtils.isEmpty(avatars)) { + Collections.shuffle(avatars); + int randomIndex = new Random().nextInt(avatars.size()); + comment.setAvatar(avatars.get(randomIndex)); + } } if (StringUtils.isEmpty(comment.getStatus())) { comment.setStatus(CommentStatusEnum.VERIFYING.toString()); } + // set当前评论者的设备信息 this.setCurrentDeviceInfo(comment); + // set当前评论者的位置信息 this.setCurrentLocation(comment); + + // 保存 this.insert(comment); + + // 发送邮件通知 this.sendEmail(comment); return comment; } 
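Review bot: `anonymous = Boolean.valueOf(sysConfig.getConfigValue())` is true only for the literal string `"true"`, whereas the check it replaces treated the stored value `"1"` (and an empty value) as anonymous-enabled, so unless the ANONYMOUS config value was migrated in the same change, a stored `"1"` now reads as false and every unauthenticated commenter is rejected by the new `if (!anonymous && !SessionUtil.isLogin())` guard, and an empty value flips from allowed to rejected. A backward-compatible form is `String value = sysConfig.getConfigValue(); anonymous = StringUtils.isEmpty(value) || "1".equals(value) || Boolean.parseBoolean(value);`. The changed branch `if (SessionUtil.isLogin() && !anonymous)` also deserves a comment: with anonymous commenting enabled, a logged-in user now goes through `setCurrentAnonymousUserInfo`, so the identity attached to the comment comes from the submitted form rather than the session, which looks intentional but should be stated, e.g. `// anonymous mode: commenter identity is taken from the submitted form even when a session exists`. Finally, `Collections.shuffle(avatars)` followed by `new Random().nextInt(avatars.size())` is redundant (shuffle and take the first, or just pick a random index), and `List avatars` is a raw type — `List<String>` would be the right declaration if `setAvatar` takes a String.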
@@ -192,7 +206,7 @@ public class BizCommentServiceImpl implements BizCommentService { throw new ZhydCommentException("说点什么吧"); } // 过滤非法属性和无用的空标签 - if (!XssKillerUtil.isValid(content)) { + if (!XssKillerUtil.isValid(content) || !XssKillerUtil.isValid(comment.getAvatar())) { throw new ZhydCommentException("请不要使用特殊标签"); } content = XssKillerUtil.clean(content.trim()).replaceAll("(


)|(

)", ""); diff --git a/blog-web/src/main/resources/templates/layout/header.ftl b/blog-web/src/main/resources/templates/layout/header.ftl index ac814a2..a005a53 100644 --- a/blog-web/src/main/resources/templates/layout/header.ftl +++ b/blog-web/src/main/resources/templates/layout/header.ftl @@ -141,12 +141,12 @@
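Review bot: `!XssKillerUtil.isValid(comment.getAvatar())` is now evaluated for every comment, including the common case where the avatar is empty and is only filled with a random default later in `comment()`; the hunk does not show how `isValid` treats a null or empty argument, so guard it explicitly: `if (!XssKillerUtil.isValid(content) || (!StringUtils.isEmpty(comment.getAvatar()) && !XssKillerUtil.isValid(comment.getAvatar()))) {`. If the avatar is a URL rendered into an image attribute, as the random-default handling suggests, a tag/attribute filter is the wrong shape of validation for it — checking that it parses as an `http`/`https` URL would be the defensive choice, independent of the XSS filter used for the body text. The enclosing `filterContent` method starts and ends outside this hunk, and the `replaceAll` pattern at the end of the hunk has been rendered with literal line breaks on this page, so its exact regex cannot be reviewed here.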