6 years ago · b417320ba4
--- a/iamberry-common-tool/src/main/java/com/iamberry/wechat/tools/GetWxOrderno.java
+++ b/iamberry-common-tool/src/main/java/com/iamberry/wechat/tools/GetWxOrderno.java
@@ -136,6 +136,12 @@ System.out.println("getPayNo end....");
 
				 		Map m = new HashMap();
			
 
				 		InputStream in = String2Inputstream(strxml);
			
 
				 		SAXBuilder builder = new SAXBuilder();
			
 
				+		// 防止XXE
			
 
				+		builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
			
 
				+		builder.setFeature("http://xml.org/sax/features/external-general-entities", false);
			
 
				+		builder.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
			
 
				+		builder.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
			
 
				+
			
 
				 		Document doc = builder.build(in);
			
 
				 		Element root = doc.getRootElement();
			
 
				 		List list = root.getChildren();
			
--- a/iamberry-common-tool/src/main/java/com/iamberry/wechat/tools/ResultInfo.java
+++ b/iamberry-common-tool/src/main/java/com/iamberry/wechat/tools/ResultInfo.java
@@ -55,6 +55,7 @@ public class ResultInfo {
 
				 	public  static String videoMessageResponseText = "";									// 音频信息
			
 
				 	public  static String tryCatchDefaultResponseText = "";									// 异常时回复信息
			
 
				 	public static String rebateOrderText = "";												//定时任务返利模板
			
 
				+	public static String yearMsg = "";												//定时任务返利模板
			
 
				 
			
 
				 	public  static String barCodePrefix="MACHINE_QR_CODE";
			
 
				 	
			
--- a/iamberry-common-tool/src/main/java/com/iamberry/wechat/tools/loadResultUtil.java
+++ b/iamberry-common-tool/src/main/java/com/iamberry/wechat/tools/loadResultUtil.java
@@ -93,6 +93,8 @@ public class loadResultUtil {
 
				 
			
 
				 			ResultInfo.order_refund_msg = prop.getProperty("order_refund_msg");			//退款申请通知
			
 
				 
			
 
				+			ResultInfo.yearMsg = prop.getProperty("yearMsg");
			
 
				+
			
 
				 		} catch (IOException e) {
			
 
				 			ResultInfo.SUCCESSINFO="操作成功！";
			
 
				 			ResultInfo.ERRORINFO="操作失败！";
			
--- a/iamberry-wechat-service/src/main/java/com/iamberry/wechat/service/wechat/WeChatServiceImpl.java
+++ b/iamberry-wechat-service/src/main/java/com/iamberry/wechat/service/wechat/WeChatServiceImpl.java
@@ -158,6 +158,12 @@ public class WeChatServiceImpl implements WeChatService {
 
				 			textMessage.setToUserName(fromUserName);
			
 
				 			textMessage.setFromUserName(toUserName);
			
 
				 			textMessage.setMsgType(MessageUtil.RESP_MESSAGE_TYPE_TEXT);
			
 
				+
			
 
				+			//过年放假通知
			
 
				+			respContent = ResultInfo.yearMsg;
			
 
				+
			
 
				+			inLongLogger.info("=====================1"+respContent);
			
 
				+			System.out.println("=====================1"+respContent);
			
 
				 			
			
 
				 			//多客服处理
			
 
				 			String intxml = "<xml>"+
			
--- a/iamberry-wechat-web/src/main/java/com/iamberry/wechat/handles/pay/ResponseWechatPayHandler.java
+++ b/iamberry-wechat-web/src/main/java/com/iamberry/wechat/handles/pay/ResponseWechatPayHandler.java
@@ -314,6 +314,12 @@ public class ResponseWechatPayHandler {
 
				 			InputSource source = new InputSource(read);
			
 
				 			// 创建一个新的SAXBuilder
			
 
				 			SAXBuilder sb = new SAXBuilder();
			
 
				+			// 防止XXE
			
 
				+			sb.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
			
 
				+			sb.setFeature("http://xml.org/sax/features/external-general-entities", false);
			
 
				+			sb.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
			
 
				+			sb.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
			
 
				+
			
 
				 			// 通过输入源构造一个Document
			
 
				 			Document doc = (Document) sb.build(source);
			
 
				 			Element root = doc.getRootElement();// 指向根节点
			
--- a/iamberry-wechat-web/src/main/resources/ResultInfo.properties
+++ b/iamberry-wechat-web/src/main/resources/ResultInfo.properties