package com.jeecms.common.web;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:WEB-INF/classes/com/jeecms/common/web/XssHttpServletRequestWrapper.class */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
    public XssHttpServletRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
    }

    public String getQueryString() {
        return filter(super.getQueryString());
    }

    public String getParameter(String str) {
        return filter(super.getParameter(str));
    }

    public String[] getParameterValues(String str) {
        return filter(super.getParameterValues(str));
    }

    private String filter(String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        return StringEscapeUtils.escapeSql(StringEscapeUtils.escapeJavaScript(StringEscapeUtils.escapeHtml(str)));
    }

    private String[] filter(String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            return null;
        }
        for (int i = 0; i < strArr.length; i++) {
            strArr[i] = StringEscapeUtils.escapeSql(StringEscapeUtils.escapeJavaScript(StringEscapeUtils.escapeHtml(strArr[i])));
        }
        return strArr;
    }
}
