卖家扫描快递单号，单号信息检查，不能有http

@@ -99,6 +99,10 @@ public class ExpressInfoServiceImpl implements IExpressInfoService {
      */
     @Override
     public void deliverToDepot(Integer sellerUid,Integer expressCompanyId, Long orderCode, String wayBillCode,Integer depotNum) {
+        //用户扫描二维码，防止注入信息
+        if(StringUtils.isBlank(wayBillCode)||wayBillCode.toLowerCase().contains("http")){
+            throw new UfoServiceException(400,"无效的快递单号");
+        }
         //保存物流信息+更新订单状态;
         //本阶段的物流类型和订单状态
         final OrderStatus expectOrderStatus = OrderStatus.HAS_PAYED;