From 05253c922a0360cbda4e1fe0df8f0e041d064ddb Mon Sep 17 00:00:00 2001
From: sh <sh@zkr.com>
Date: Thu, 30 Apr 2026 14:24:26 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E8=AF=B7=E6=B1=82=E6=8B=A6?=
 =?UTF-8?q?=E6=88=AA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../common/filter/RequestWrapperFilter.java   | 30 +++++++++----------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/filter/RequestWrapperFilter.java b/ruoyi-common/src/main/java/com/ruoyi/common/filter/RequestWrapperFilter.java
index 9711ace..9dd6d4e 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/filter/RequestWrapperFilter.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/filter/RequestWrapperFilter.java
@@ -74,25 +74,25 @@ public class RequestWrapperFilter implements Filter {
 
                 // 先做输入规范化 + 解码，消除编码/格式绕过
                 String normalizedForwardUrl = normalizePath(forwardUrl);
-                if (normalizedForwardUrl == null) {
-                    log.error("非法内部转发：路径格式异常 {}", LogUtils.cleanLog(forwardUrl));
-                    httpResponse.sendError(InternalForwardConstants.FORBIDDEN_CODE, InternalForwardConstants.FORBIDDEN_MSG);
-                    return;
-                }
+//                if (normalizedForwardUrl == null) {
+//                    log.error("非法内部转发：路径格式异常 {}", LogUtils.cleanLog(forwardUrl));
+//                    httpResponse.sendError(InternalForwardConstants.FORBIDDEN_CODE, InternalForwardConstants.FORBIDDEN_MSG);
+//                    return;
+//                }
 
                 // 优先拦截敏感路径（前置拦截，避免白名单绕过）
-                if (containsTraversalChars(normalizedForwardUrl) || containsSensitiveDir(normalizedForwardUrl)) {
-                    log.error("非法内部转发：包含敏感路径片段 {}", LogUtils.cleanLog(normalizedForwardUrl));
-                    httpResponse.sendError(InternalForwardConstants.FORBIDDEN_CODE, InternalForwardConstants.FORBIDDEN_MSG);
-                    return;
-                }
+//                if (containsTraversalChars(normalizedForwardUrl) || containsSensitiveDir(normalizedForwardUrl)) {
+//                    log.error("非法内部转发：包含敏感路径片段 {}", LogUtils.cleanLog(normalizedForwardUrl));
+//                    httpResponse.sendError(InternalForwardConstants.FORBIDDEN_CODE, InternalForwardConstants.FORBIDDEN_MSG);
+//                    return;
+//                }
 
                 // 白名单校验（支持全匹配 + 前缀匹配）
-                if (!isInWhitelist(normalizedForwardUrl)) {
-                    log.error("非法内部转发：不在白名单内 {}", LogUtils.cleanLog(normalizedForwardUrl));
-                    httpResponse.sendError(InternalForwardConstants.FORBIDDEN_CODE, InternalForwardConstants.FORBIDDEN_MSG);
-                    return;
-                }
+//                if (!isInWhitelist(normalizedForwardUrl)) {
+//                    log.error("非法内部转发：不在白名单内 {}", LogUtils.cleanLog(normalizedForwardUrl));
+//                    httpResponse.sendError(InternalForwardConstants.FORBIDDEN_CODE, InternalForwardConstants.FORBIDDEN_MSG);
+//                    return;
+//                }
 
                 if (StringUtils.isNotBlank(forwardUrl)) {
                     log.info("GET请求解密后转发URL：{}", LogUtils.cleanLog(forwardUrl));