fix(core): 新增对分号字符的 path 路径校验

2025-05-03 12:17:57 +08:00 · 2025-01-09 14:47:50 +08:00 · 2025-01-09 14:47:50 +08:00 · 71242c15b5
commit 71242c15b5
parent 4afc0f9b54
1 changed files with 4 additions and 2 deletions
--- a/sa-token-core/src/main/java/cn/dev33/satoken/strategy/SaFirewallStrategy.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/strategy/SaFirewallStrategy.java
@ -53,11 +53,13 @@ public final class SaFirewallStrategy {
 	 * 请求 path 不允许出现的字符
 	 */
 	public String[] INVALID_CHARACTER = {
-			"//", "\\",
+			"//",           // //
+			"\\",			// \
 			"%2e", "%2E",	// .
 			"%2f", "%2F",	// /
 			"%5c", "%5C",	// \
-			"%25"	// 空格
+			";", "%3b", "%3B",	// ;    // 参考资料：https://mp.weixin.qq.com/s/77CIDZbgBwRunJeluofPTA
+			"%25"			// 空格
 	};

 	/**