浙江兰德纵横网络技术股份有限公司 / o2oa
Commit 8666e8c0
Authored Oct 10, 2022 by o2sword
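1. When sending a verification code for a person in the organization, a normal response is returned whether or not the user exists; the user-does-not-exist error is no longer reported;
2. Fix the SQL injection issue in the data center query statement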
Parent: c909d519
Showing 2 changed files with 19 additions and 6 deletions (+19 -6)
o2server/x_organization_assemble_authentication/src/main/java/com/x/organization/assemble/authentication/jaxrs/authentication/ActionCode.java (+3 -3)
o2server/x_query_assemble_surface/src/main/java/com/x/query/assemble/surface/jaxrs/statement/ActionExecuteV2.java (+16 -3)
o2server/x_organization_assemble_authentication/src/main/java/com/x/organization/assemble/authentication/jaxrs/authentication/ActionCode.java
...
...
@@ -31,18 +31,18 @@ class ActionCode extends BaseAction {
throw
new
ExceptionDisableCollect
();
}
Wo
wo
=
new
Wo
();
wo
.
setValue
(
true
);
result
.
setData
(
wo
);
Business
business
=
new
Business
(
emc
);
String
id
=
business
.
person
().
getWithCredential
(
credential
);
if
(
StringUtils
.
isEmpty
(
id
))
{
throw
new
ExceptionPersonNotExist
(
credential
)
;
return
result
;
}
Person
o
=
emc
.
find
(
id
,
Person
.
class
);
if
(!
Config
.
person
().
isMobile
(
o
.
getMobile
()))
{
throw
new
ExceptionInvalidMobile
(
o
.
getMobile
());
}
business
.
instrument
().
code
().
create
(
o
.
getMobile
());
wo
.
setValue
(
true
);
result
.
setData
(
wo
);
return
result
;
}
}
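Review bot: The early `return result` for an unknown credential closes only one of the paths that tell a caller whether the account exists. A few lines further down, the method still throws ExceptionInvalidMobile(o.getMobile()) for an existing person whose mobile fails Config.person().isMobile(...), so that case is distinguishable from the uniform success, and the exception is constructed with the stored mobile value. Consider logging that case server-side and returning the same `result` there as well. business.instrument().code().create(...) also runs only for existing persons, so response time can differ between the two cases; if that matters for this endpoint it is worth measuring.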
...
...
o2server/x_query_assemble_surface/src/main/java/com/x/query/assemble/surface/jaxrs/statement/ActionExecuteV2.java
...
...
@@ -3,6 +3,8 @@ package com.x.query.assemble.surface.jaxrs.statement;
import
java.util.ArrayList
;
import
java.util.List
;
import
java.util.Objects
;
import
java.util.regex.Matcher
;
import
java.util.regex.Pattern
;
import
javax.persistence.EntityManager
;
import
javax.persistence.Parameter
;
...
...
@@ -11,6 +13,7 @@ import javax.script.Bindings;
import
javax.script.CompiledScript
;
import
javax.script.ScriptContext
;
import
com.x.base.core.project.tools.StringTools
;
import
org.apache.commons.collections4.list.TreeList
;
import
org.apache.commons.lang3.StringUtils
;
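Review bot: The added import of com.x.base.core.project.tools.StringTools is not used by any of the hunks shown for this file, and it sits between the javax.script and org.apache imports rather than with the other com.x imports. If nothing in the unchanged part of the file needs it, drop it; otherwise move it next to the com.x group.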
...
...
@@ -46,7 +49,7 @@ import com.x.query.core.express.statement.Runtime;
class
ActionExecuteV2
extends
BaseAction
{
private
static
final
Logger
LOGGER
=
LoggerFactory
.
getLogger
(
ActionExecuteV2
.
class
);
private
static
final
String
[]
keys
=
{
"group by"
,
"GROUP BY"
,
"order by"
,
"ORDER BY"
,
"limit"
,
"LIMIT"
};
private
static
final
String
[]
pageKeys
=
{
"GROUP BY"
,
" COUNT("
};
private
static
final
String
JOIN_KEY
=
" JOIN "
;
...
...
@@ -54,6 +57,8 @@ class ActionExecuteV2 extends BaseAction {
private
static
final
String
SQL_WHERE
=
"WHERE"
;
private
static
final
String
SQL_AND
=
"AND"
;
private
static
final
String
SQL_OR
=
"OR"
;
private
static
final
Pattern
SIMPLY_REGEX
=
Pattern
.
compile
(
"^[a-zA-Z0-9\\_\\-]*$"
);
ActionResult
<
Object
>
execute
(
EffectivePerson
effectivePerson
,
String
flag
,
String
mode
,
Integer
page
,
Integer
size
,
JsonElement
jsonElement
)
throws
Exception
{
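Review bot: SIMPLY_REGEX is declared as "^[a-zA-Z0-9\\_\\-]*$", and the `*` quantifier lets an empty string pass the check. In Java, `$` without flags also matches just before a final line terminator, so when the pattern is applied with find(), as the later hunk in this file does, a value with a trailing newline is accepted. Using `+` and calling matcher.matches() (or ending the pattern with \\z) makes the check mean "one or more of these characters and nothing else". The backslashes before `_` and `-` are unnecessary in this character class, and a clearer field name plus a one-line comment saying what the pattern guards would help the next reader.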
...
...
@@ -62,7 +67,7 @@ class ActionExecuteV2 extends BaseAction {
()
->
page
,
()
->
size
);
ClassLoader
classLoader
=
Business
.
getDynamicEntityClassLoader
();
Thread
.
currentThread
().
setContextClassLoader
(
classLoader
);
Statement
statement
=
null
;
ActionResult
<
Object
>
result
=
new
ActionResult
<>();
try
(
EntityManagerContainer
emc
=
EntityManagerContainerFactory
.
instance
().
create
())
{
...
...
@@ -317,9 +322,14 @@ class ActionExecuteV2 extends BaseAction {
if
(
size
>
1
)
{
list
.
add
(
"("
);
}
int
j
=
0
;
for
(
int
i
=
0
;
i
<
size
;
i
++)
{
FilterEntry
filterEntry
=
wi
.
getFilterList
().
get
(
i
);
if
(
i
>
0
)
{
Matcher
matcher
=
SIMPLY_REGEX
.
matcher
(
filterEntry
.
value
);
if
(!
matcher
.
find
()){
continue
;
}
if
(
j
++
>
0
)
{
String
joinTag
=
filterEntry
.
logic
;
if
(
StringUtils
.
isEmpty
(
joinTag
)
||
!
joinTag
.
equalsIgnoreCase
(
SQL_OR
))
{
joinTag
=
SQL_AND
;
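Review bot: In the loop, `SIMPLY_REGEX.matcher(filterEntry.value)` is called with no null check, so a filter entry without a value raises a NullPointerException from Pattern.matcher instead of a handled error. An entry that fails the check is then skipped with `continue` and no log line, so the caller receives results for a different query than the one requested. Rejecting the request with an explicit exception, or at least logging the rejected entry through LOGGER, would make the failure visible.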
...
...
@@ -330,6 +340,9 @@ class ActionExecuteV2 extends BaseAction {
list
.
add
(
Comparison
.
getMatchCom
(
filterEntry
.
comparison
));
list
.
add
(
":"
+
filterEntry
.
value
);
}
if
(
j
==
0
){
list
.
add
(
"1=1"
);
}
if
(
size
>
1
)
{
list
.
add
(
")"
);
}
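Review bot: The `if (j == 0) { list.add("1=1"); }` fallback fails open: when every filter entry has been skipped, the condition group becomes always true and the statement runs as if no filter had been sent. If filters narrow what a caller is meant to see, prefer failing closed here (throw, or emit a predicate that is never true), and keep `1=1` only for a filter list that was empty to begin with, if that case reaches this code.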
...
...
liyi_hz2008 (@liyi_hz2008) mentioned in commit 87864956dff03829715f407a467e227c24f2afd8 · Oct 12, 2022