package com.ydw.filter;

import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/* loaded from: input_file:com/ydw/filter/MyHttpServletRequestWrapper.class */
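/**
 * Request wrapper that removes a fixed deny-list of SQL keywords and script-like
 * fragments from parameter and header values before the application reads them.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Deny-list removal is defence in depth only. It does not make string-built SQL
 *       or unencoded HTML output safe: queries still need bound parameters, and every
 *       value still needs encoding for the context it is written into.</li>
 *   <li>Only {@link #getParameter}, {@link #getParameterValues} and {@link #getHeader}
 *       are overridden. Values read through any other accessor of the wrapped request
 *       (parameter map, query string, body, cookies, multi-valued headers) are
 *       returned unfiltered.</li>
 *   <li>Removal silently alters legitimate input that happens to contain a listed
 *       token, so filtered values should not be treated as the user's exact input.</li>
 * </ul>
 */
public class MyHttpServletRequestWrapper extends HttpServletRequestWrapper {

    /** Case-insensitive SQL keywords, matched only with a literal space on each side. */
    private static final Pattern SQL_KEYWORDS = Pattern.compile(
            " (select|update|delete|exec|count|create|drop|alter) ",
            Pattern.CASE_INSENSITIVE);

    /** The flag combination the decompiled code spelled as the bare number 42. */
    private static final int CI_MULTILINE_DOTALL =
            Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    /**
     * Two U+FFFD replacement characters, exactly as the decompiled listing shows.
     * NOTE(review): this looks like a mis-encoded literal (possibly a control character
     * that was meant to be stripped); confirm against the original source.
     */
    private static final String STRIPPED_SEQUENCE = "\uFFFD\uFFFD";

    /**
     * Script-related fragments, in the order the original nested calls applied them.
     * Compiled once here instead of on every request.
     */
    private static final Pattern[] XSS_PATTERNS = {
        Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("</script>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("<script(.*?)>", CI_MULTILINE_DOTALL),
        Pattern.compile("eval\\((.*?)\\)", CI_MULTILINE_DOTALL),
        // The decompiled literal carried a stray character (U+9885) after the first
        // letter, most likely a mis-decoded soft hyphen, so it could never match the
        // CSS keyword it was written for. It is spelled plainly here.
        Pattern.compile("expression\\((.*?)\\)", CI_MULTILINE_DOTALL),
        Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE),
        Pattern.compile("alert\\((.*?)\\)", Pattern.CASE_INSENSITIVE),
        Pattern.compile("onload(.*?)=", CI_MULTILINE_DOTALL),
        Pattern.compile("vbscript[\r\n| | ]*:[\r\n| | ]*", Pattern.CASE_INSENSITIVE)
    };

    /** The wrapped request; kept package-visible as in the original class. */
    HttpServletRequest sqlRequest;

    /**
     * Wraps the given request.
     *
     * @param httpServletRequest the request whose values are filtered on read
     */
    public MyHttpServletRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        this.sqlRequest = httpServletRequest;
    }

    /**
     * Returns the named parameter with deny-listed fragments removed.
     *
     * @param str the parameter name
     * @return the filtered value, or {@code null} when the parameter is absent
     */
    @Override
    public String getParameter(String str) {
        // The original also passes the parameter name through replaceSQL before the
        // lookup; that is kept so existing lookups resolve to the same key.
        return sanitize(super.getParameter(replaceSQL(str)));
    }

    /**
     * Returns all values of the named parameter with deny-listed fragments removed.
     *
     * @param str the parameter name
     * @return the filtered values, or {@code null} when the parameter is absent
     */
    @Override
    public String[] getParameterValues(String str) {
        String[] rawValues = super.getParameterValues(str);
        if (rawValues == null) {
            return null;
        }
        // Fill a fresh array so an array owned by the wrapped request is not modified.
        String[] cleaned = new String[rawValues.length];
        for (int i = 0; i < rawValues.length; i++) {
            cleaned[i] = sanitize(rawValues[i]);
        }
        return cleaned;
    }

    /**
     * Returns the named header with deny-listed fragments removed.
     *
     * @param str the header name
     * @return the filtered value, or {@code null} when the header is absent
     */
    @Override
    public String getHeader(String str) {
        return sanitize(super.getHeader(str));
    }

    /**
     * Applies the SQL and script filters until a full round leaves the value unchanged.
     * Script removal can leave text that the SQL filter matches, and the reverse.
     */
    private static String sanitize(String value) {
        if (value == null) {
            return null;
        }
        String current = value;
        String previous;
        do {
            previous = current;
            current = replaceXSS(replaceSQL(current));
        } while (!current.equals(previous));
        return current;
    }

    /**
     * Removes each listed SQL keyword that has a space on both sides, ignoring case.
     * This is a best-effort filter, not a complete SQL injection defence.
     *
     * @param str the value to filter; may be {@code null}
     * @return the filtered value, or {@code null} when {@code str} is {@code null}
     */
    public static String replaceSQL(String str) {
        if (str == null) {
            return null;
        }
        String current = str;
        String previous;
        // Removing a match joins the text on either side, which can form a new match.
        // Each changing pass shortens the string, so the loop terminates.
        do {
            previous = current;
            current = SQL_KEYWORDS.matcher(current.replace(STRIPPED_SEQUENCE, "")).replaceAll("");
        } while (!current.equals(previous));
        return current;
    }

    /**
     * Removes the listed script-related fragments. Like {@link #replaceSQL}, this is a
     * best-effort deny-list and does not replace output encoding.
     *
     * @param str the value to filter; may be {@code null}
     * @return the filtered value, or {@code null} when {@code str} is {@code null}
     */
    public static String replaceXSS(String str) {
        if (str == null) {
            return null;
        }
        String current = str;
        String previous;
        // Repeat until stable for the same reason as replaceSQL: one removal can
        // splice the remaining text into another listed fragment.
        do {
            previous = current;
            current = current.replace(STRIPPED_SEQUENCE, "");
            for (Pattern pattern : XSS_PATTERNS) {
                current = pattern.matcher(current).replaceAll("");
            }
        } while (!current.equals(previous));
        return current;
    }

    /**
     * Encodes a fixed set of characters as numeric HTML character references and
     * copies every other character unchanged.
     *
     * <p>In the decompiled listing each of these cases appended the character itself,
     * which made the method a no-op. The escaping was presumably lost when the listing
     * was produced and is restored here. NOTE(review): confirm that no caller encodes
     * the result a second time.
     *
     * @param str the text to encode; may be {@code null}
     * @return the encoded text, or {@code null} when {@code str} is {@code null}
     */
    public static String filter(String str) {
        if (str == null) {
            return null;
        }
        StringBuilder encoded = new StringBuilder(str.length());
        for (int i = 0; i < str.length(); i++) {
            char ch = str.charAt(i);
            switch (ch) {
                case '"':
                case '%':
                case '&':
                case '\'':
                case '(':
                case ')':
                case '+':
                case ';':
                case '<':
                case '>':
                    // Numeric reference built from the code point, e.g. 60 for '<'.
                    encoded.append("&#").append((int) ch).append(';');
                    break;
                default:
                    encoded.append(ch);
                    break;
            }
        }
        return encoded.toString();
    }
}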
