上朵

tooth-common-tool/src/main/java/com/iamberry/wechat/tools/GetWxOrderno.java

@@ -14,7 +14,7 @@ import org.jdom.Element;
 import org.jdom.JDOMException;
 import org.jdom.input.SAXBuilder;
 
-public class GetWxOrderno {
+public class GetWxOrderno  {
 
     private static final Logger log = Logger.getLogger(GetWxOrderno.class);
 	/**
@@ -66,7 +66,7 @@ public class GetWxOrderno {
 
 	/**
 	 * 解析xml,返回第一级元素键值对。
-	 * 
+	 *
 	 * @param strxml
 	 * @return
 	 * @throws JDOMException
@@ -80,13 +80,13 @@ public class GetWxOrderno {
 
 		Map<String, String> m = new HashMap<String, String>();
 		InputStream in = string2Inputstream(strxml);
-
 		SAXBuilder builder = new SAXBuilder();
+
 		// 防止XXE
-		builder.setFeature("(http://apache.org/xml/features/disallow-doctype-decl",  true);
-		builder.setFeature("(http://xml.org/sax/features/external-general-entities", false);
-		builder.setFeature("(http://xml.org/sax/features/external-parameter-entities",  false);
-		builder.setFeature("(http://apache.org/xml/features/nonvalidating/load-external-dtd",  false);
+		builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+		builder.setFeature("http://xml.org/sax/features/external-general-entities", false);
+		builder.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+		builder.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
 
 		Document doc = builder.build(in);
 		Element root = doc.getRootElement();
@@ -112,6 +112,26 @@ public class GetWxOrderno {
 		return m;
 	}
 
+
+//	public static void main(String[] args) {
+//		String xml = "<xml><return_code><![CDATA[SUCCESS]]></return_code>" +
+//				"<return_msg><![CDATA[OK]]></return_msg>" +
+//				"<appid><![CDATA[wxdb090f0af89e0be3]]></appid>" +
+//				"<mch_id><![CDATA[1490237892]]></mch_id>" +
+//				"<nonce_str><![CDATA[7UdjfHj8Ao6YfzT4]]></nonce_str>" +
+//				"<sign><![CDATA[97CE080DCB323D532353305279679101]]></sign>" +
+//				"<result_code><![CDATA[SUCCESS]]></result_code>" +
+//				"<prepay_id><![CDATA[wx1516544215177622cb20750d1872644010]]></prepay_id>" +
+//				"<trade_type><![CDATA[JSAPI]]></trade_type>" +
+//				"</xml> ";
+//		Map<String, String> map = new HashMap<String, String>();
+//		try {
+//			map = doXMLParse(xml);
+//		} catch (Exception e) {
+//			e.printStackTrace();
+//		}
+//	}
+
 	/**
 	 * 获取子结点的xml
 	 * 

tooth-wechat-web/src/main/java/com/iamberry/wechat/handles/pay/ResponseWechatPayHandler.java

@@ -479,10 +479,10 @@ public class ResponseWechatPayHandler {
 			// 创建一个新的SAXBuilder
 			SAXBuilder sb = new SAXBuilder();
 			// 防止XXE
-			sb.setFeature("(http://apache.org/xml/features/disallow-doctype-decl",  true);
-			sb.setFeature("(http://xml.org/sax/features/external-general-entities", false);
-			sb.setFeature("(http://xml.org/sax/features/external-parameter-entities",  false);
-			sb.setFeature("(http://apache.org/xml/features/nonvalidating/load-external-dtd",  false);
+			sb.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+			sb.setFeature("http://xml.org/sax/features/external-general-entities", false);
+			sb.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+			sb.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
 			// 通过输入源构造一个Document
 			Document doc = (Document) sb.build(source);
 			Element root = doc.getRootElement();// 指向根节点