fix(all): BugFix(等一个CVE)

Author: qzwxsaedc

src/main/kotlin/com/github/fastmirrorserver/controller/GlobalControllerAdvice.kt

@@ -0,0 +1,17 @@
+package com.github.fastmirrorserver.controller
+
+import org.springframework.core.annotation.Order
+import org.springframework.web.bind.WebDataBinder
+import org.springframework.web.bind.annotation.ControllerAdvice
+import org.springframework.web.bind.annotation.InitBinder
+
+
+@ControllerAdvice
+@Order(10000)
+class GlobalControllerAdvice {
+    @InitBinder
+    fun setAllowedFields(dataBinder: WebDataBinder) {
+        val abd = arrayOf("class.*", "Class.*", "*.class.*", "*.Class.*")
+        dataBinder.setDisallowedFields(*abd)
+    }
+}