From 47c2776059f7b3020bf62f7f92fe6492a3eeb6d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=82=B9=E5=AE=97=E6=A5=A0?= <zouzongnan1995@icloud.com>
Date: Tue, 4 Jul 2023 15:24:22 +0800
Subject: [PATCH] 1

---
 controllers/taobao_vegetable.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/controllers/taobao_vegetable.go b/controllers/taobao_vegetable.go
index a6f5f77f3..8e4c667bd 100644
--- a/controllers/taobao_vegetable.go
+++ b/controllers/taobao_vegetable.go
@@ -147,7 +147,7 @@ func (c *TaoBaoVegetableController) ApplyCancelOrder() {
 	sign := Sign(values, body, api.TaoVegetableApi.GetAppSecret())
 	switch afsOrder.MerchantCode {
 	case "CSSJ":
-		if sign != values.Get("sign") { // 76626F983F0F7E4A159AD64F9B13B332
+		if sign != values.Get("sign") { // E8C3B7D19ECCB6618CB0F2C30BB086EC
 			c.Data["json"] = tao_vegetable.CallBackResultSign(fmt.Errorf("非法签名"))
 			c.ServeJSON()
 			return
@@ -309,6 +309,11 @@ func Sign(param url.Values, data, secret string) string {
 	}
 
 	sort.Strings(publicParam)
-	cc := secret + strings.Join(publicParam, "") + data + secret
+	resultParam := strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(data, "\n", ""), "\t", ""), " ", ""), "\r", "")
+	if strings.Contains(resultParam, `\u0026`) {
+		resultParam = strings.ReplaceAll(resultParam, `\u0026`, "&")
+	}
+	cc := secret + strings.Join(publicParam, "") + resultParam + secret
+
 	return fmt.Sprintf("%X", md5.Sum([]byte(cc)))
 }