Commit 53d410896a37d1af3d3e4062fb3850ce6f09930c
1 parent
c1ea85fe
1.图片导出报错,本地upload情况下,ImageBasePath未设置
2.重复check接口,sql注入检查 3.导入excel校验示例代码 4.文档地址写错了
Showing
4 changed files
with
49 additions
and
37 deletions
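--- a/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/pom.xml
+++ b/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/pom.xml
@@ -196,7 +196,7 @@
 </dependency>
 
 <!-- 代码生成器 -->
-<!-- 如下载失败,请参考此文档 http://doc.jeecg.com/1273965 -->
+<!-- 如下载失败,请参考此文档 http://doc.jeecg.com/2043876 -->
 <dependency>
 <groupId>org.jeecgframework.boot</groupId>
 <artifactId>codegenerate</artifactId>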
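--- a/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/base/controller/JeecgController.java
+++ b/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/base/controller/JeecgController.java
@@ -15,6 +15,7 @@ import org.jeecgframework.poi.excel.entity.ExportParams;
 import org.jeecgframework.poi.excel.entity.ImportParams;
 import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.multipart.MultipartHttpServletRequest;
 import org.springframework.web.servlet.ModelAndView;
@@ -38,6 +39,8 @@ public class JeecgController<T, S extends IService<T>> {
 @Autowired
 S service;
 
+@Value("${jeecg.path.upload}")
+private String upLoadPath;
 /**
 * 导出excel
 *
@@ -65,7 +68,11 @@ public class JeecgController<T, S extends IService<T>> {
 ModelAndView mv = new ModelAndView(new JeecgEntityExcelView());
 mv.addObject(NormalExcelConstants.FILE_NAME, title); //此处设置的filename无效 ,前端会重更新设置一下
 mv.addObject(NormalExcelConstants.CLASS, clazz);
-mv.addObject(NormalExcelConstants.PARAMS, new ExportParams(title + "报表", "导出人:" + sysUser.getRealname(), title));
+//update-begin--Author:liusq Date:20210126 for:图片导出报错,ImageBasePath未设置--------------------
+ExportParams exportParams=new ExportParams(title + "报表", "导出人:" + sysUser.getRealname(), title);
+exportParams.setImageBasePath(upLoadPath);
+//update-end--Author:liusq Date:20210126 for:图片导出报错,ImageBasePath未设置----------------------
+mv.addObject(NormalExcelConstants.PARAMS,exportParams);
 mv.addObject(NormalExcelConstants.DATA_LIST, exportList);
 return mv;
 }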
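Review bot: `@Value("${jeecg.path.upload}")` at new line 42 has no fallback, so every controller that extends JeecgController fails to instantiate if a deployment omits that property (presumably possible when uploads are configured for something other than the local disk); use `@Value("${jeecg.path.upload:}")` and only call `exportParams.setImageBasePath(upLoadPath)` when the value is non-blank. Because this path is the root against which Excel image cells are resolved, the field deserves a comment such as `// root directory for images referenced by exported Excel cells; must be the configured upload dir, nothing broader`. The field should also follow camel-case naming, `uploadPath` rather than `upLoadPath`. The export method edited by the third hunk begins before the hunk.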
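--- a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
+++ b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
@@ -1,9 +1,11 @@
 package org.jeecg.modules.system.controller;
 
-import javax.servlet.http.HttpServletRequest;
-
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang.StringUtils;
 import org.jeecg.common.api.vo.Result;
+import org.jeecg.common.util.SqlInjectionUtil;
 import org.jeecg.modules.system.mapper.SysDictMapper;
 import org.jeecg.modules.system.model.DuplicateCheckVo;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -11,9 +13,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 
-import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiOperation;
-import lombok.extern.slf4j.Slf4j;
+import javax.servlet.http.HttpServletRequest;
 
 /**
 * @Title: DuplicateCheckAction
@@ -29,7 +29,7 @@ import lombok.extern.slf4j.Slf4j;
 public class DuplicateCheckController {
 
 @Autowired
-SysDictMapper sysDictMapper;
+SysDictMapper sysDictMapper;
 
 /**
 * 校验数据是否在系统中是否存在
@@ -42,6 +42,10 @@ public class DuplicateCheckController {
 Long num = null;
 
 log.info("----duplicate check------:"+ duplicateCheckVo.toString());
+//关联表字典(举例:sys_user,realname,id)
+//SQL注入校验(只限制非法串改数据库)
+final String[] sqlInjCheck = {duplicateCheckVo.getTableName(),duplicateCheckVo.getFieldName()};
+SqlInjectionUtil.filterContent(sqlInjCheck);
 if (StringUtils.isNotBlank(duplicateCheckVo.getDataId())) {
 // [2].编辑页面校验
 num = sysDictMapper.duplicateCheckCountSql(duplicateCheckVo);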
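Review bot: The guard at new lines 47–48 passes `tableName` and `fieldName` through `SqlInjectionUtil.filterContent`, a keyword denylist, while the comment above it and the mapper call below indicate these request-supplied values end up in the query as identifiers; a positive identifier check is the stronger gate, e.g. `if (!duplicateCheckVo.getTableName().matches("[A-Za-z0-9_]+") || !duplicateCheckVo.getFieldName().matches("[A-Za-z0-9_]+")) { return Result.error("invalid table or field name"); }` placed before the mapper is reached, with an allowlist of checkable tables being stronger still. The denylist can stay behind it as defence in depth, but the hunk does not show how a hit from `filterContent` is handled, so confirm it is translated into an error Result rather than surfacing as a 500. The comment `//关联表字典(举例:sys_user,realname,id)` at line 45 describes nothing in this method and looks pasted from another call site; drop it or replace it with one that says what is being validated. The enclosing check method starts before the hunk.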
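--- a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/SysDictController.java
+++ b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/SysDictController.java
@@ -26,11 +26,11 @@ import org.jeecg.modules.system.model.TreeSelectModel;
 import org.jeecg.modules.system.service.ISysDictItemService;
 import org.jeecg.modules.system.service.ISysDictService;
 import org.jeecg.modules.system.vo.SysDictPage;
+import org.jeecgframework.poi.excel.ExcelImportCheckUtil;
 import org.jeecgframework.poi.excel.ExcelImportUtil;
 import org.jeecgframework.poi.excel.def.NormalExcelConstants;
 import org.jeecgframework.poi.excel.entity.ExportParams;
 import org.jeecgframework.poi.excel.entity.ImportParams;
-import org.jeecgframework.poi.excel.entity.result.ExcelImportResult;
 import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -66,8 +66,8 @@ public class SysDictController {
 public RedisTemplate<String, Object> redisTemplate;
 
 @RequestMapping(value = "/list", method = RequestMethod.GET)
-public Result<IPage<SysDict>> queryPageList(SysDict sysDict,@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
-@RequestParam(name="pageSize", defaultValue="10") Integer pageSize,HttpServletRequest req) {
+public Result<IPage<SysDict>> queryPageList(SysDict sysDict, @RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
+@RequestParam(name="pageSize", defaultValue="10") Integer pageSize, HttpServletRequest req) {
 Result<IPage<SysDict>> result = new Result<IPage<SysDict>>();
 QueryWrapper<SysDict> queryWrapper = QueryGenerator.initQueryWrapper(sysDict, req.getParameterMap());
 Page<SysDict> page = new Page<SysDict>(pageNo, pageSize);
@@ -91,8 +91,8 @@ public class SysDictController {
 */
 @SuppressWarnings("unchecked")
 @RequestMapping(value = "/treeList", method = RequestMethod.GET)
-public Result<List<SysDictTree>> treeList(SysDict sysDict,@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
-@RequestParam(name="pageSize", defaultValue="10") Integer pageSize,HttpServletRequest req) {
+public Result<List<SysDictTree>> treeList(SysDict sysDict, @RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
+@RequestParam(name="pageSize", defaultValue="10") Integer pageSize, HttpServletRequest req) {
 Result<List<SysDictTree>> result = new Result<>();
 LambdaQueryWrapper<SysDict> query = new LambdaQueryWrapper<>();
 // 构造查询条件
@@ -118,7 +118,7 @@ public class SysDictController {
 * @return
 */
 @RequestMapping(value = "/getDictItems/{dictCode}", method = RequestMethod.GET)
-public Result<List<DictModel>> getDictItems(@PathVariable String dictCode, @RequestParam(value = "sign",required = false) String sign,HttpServletRequest request) {
+public Result<List<DictModel>> getDictItems(@PathVariable String dictCode, @RequestParam(value = "sign",required = false) String sign, HttpServletRequest request) {
 log.info(" dictCode : "+ dictCode);
 Result<List<DictModel>> result = new Result<List<DictModel>>();
 List<DictModel> ls = null;
@@ -203,9 +203,9 @@ public class SysDictController {
 */
 @RequestMapping(value = "/loadDict/{dictCode}", method = RequestMethod.GET)
 public Result<List<DictModel>> loadDict(@PathVariable String dictCode,
-@RequestParam(name="keyword") String keyword,
-@RequestParam(value = "sign",required = false) String sign,
-@RequestParam(value = "pageSize", required = false) Integer pageSize) {
+@RequestParam(name="keyword") String keyword,
+@RequestParam(value = "sign",required = false) String sign,
+@RequestParam(value = "pageSize", required = false) Integer pageSize) {
 log.info(" 加载字典表数据,加载关键字: "+ keyword);
 Result<List<DictModel>> result = new Result<List<DictModel>>();
 List<DictModel> ls = null;
@@ -240,7 +240,7 @@ public class SysDictController {
 * 根据字典code加载字典text 返回
 */
 @RequestMapping(value = "/loadDictItem/{dictCode}", method = RequestMethod.GET)
-public Result<List<String>> loadDictItem(@PathVariable String dictCode,@RequestParam(name="key") String keys, @RequestParam(value = "sign",required = false) String sign,HttpServletRequest request) {
+public Result<List<String>> loadDictItem(@PathVariable String dictCode, @RequestParam(name="key") String keys, @RequestParam(value = "sign",required = false) String sign, HttpServletRequest request) {
 Result<List<String>> result = new Result<>();
 try {
 if(dictCode.indexOf(",")!=-1) {
@@ -271,13 +271,13 @@ public class SysDictController {
 */
 @SuppressWarnings("unchecked")
 @RequestMapping(value = "/loadTreeData", method = RequestMethod.GET)
-public Result<List<TreeSelectModel>> loadTreeData(@RequestParam(name="pid") String pid,@RequestParam(name="pidField") String pidField,
-@RequestParam(name="tableName") String tbname,
-@RequestParam(name="text") String text,
-@RequestParam(name="code") String code,
-@RequestParam(name="hasChildField") String hasChildField,
-@RequestParam(name="condition") String condition,
-@RequestParam(value = "sign",required = false) String sign,HttpServletRequest request) {
+public Result<List<TreeSelectModel>> loadTreeData(@RequestParam(name="pid") String pid, @RequestParam(name="pidField") String pidField,
+@RequestParam(name="tableName") String tbname,
+@RequestParam(name="text") String text,
+@RequestParam(name="code") String code,
+@RequestParam(name="hasChildField") String hasChildField,
+@RequestParam(name="condition") String condition,
+@RequestParam(value = "sign",required = false) String sign, HttpServletRequest request) {
 Result<List<TreeSelectModel>> result = new Result<List<TreeSelectModel>>();
 Map<String, String> query = null;
 if(oConvertUtils.isNotEmpty(condition)) {
@@ -293,17 +293,18 @@ public class SysDictController {
 }
 
 /**
-* 【APP接口】根据字典配置查询表字典数据
+* 【APP接口】根据字典配置查询表字典数据(目前暂未找到调用的地方)
 * @param query
 * @param pageNo
 * @param pageSize
 * @return
 */
+@Deprecated
 @GetMapping("/queryTableData")
 public Result<List<DictModel>> queryTableData(DictQuery query,
-@RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo,
-@RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize,
-@RequestParam(value = "sign",required = false) String sign,HttpServletRequest request){
+@RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo,
+@RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize,
+@RequestParam(value = "sign",required = false) String sign, HttpServletRequest request){
 Result<List<DictModel>> res = new Result<List<DictModel>>();
 // SQL注入漏洞 sign签名校验
 String dictCode = query.getTable()+","+query.getText()+","+query.getCode();
@@ -319,7 +320,7 @@ public class SysDictController {
 * @param sysDict
 * @return
 */
-//@RequiresRoles({"admin"})
+@RequiresRoles({"admin"})
 @RequestMapping(value = "/add", method = RequestMethod.POST)
 public Result<SysDict> add(@RequestBody SysDict sysDict) {
 Result<SysDict> result = new Result<SysDict>();
@@ -340,7 +341,7 @@ public class SysDictController {
 * @param sysDict
 * @return
 */
-//@RequiresRoles({"admin"})
+@RequiresRoles({"admin"})
 @RequestMapping(value = "/edit", method = RequestMethod.PUT)
 public Result<SysDict> edit(@RequestBody SysDict sysDict) {
 Result<SysDict> result = new Result<SysDict>();
@@ -362,7 +363,7 @@ public class SysDictController {
 * @param id
 * @return
 */
-//@RequiresRoles({"admin"})
+@RequiresRoles({"admin"})
 @RequestMapping(value = "/delete", method = RequestMethod.DELETE)
 @CacheEvict(value=CacheConstant.SYS_DICT_CACHE, allEntries=true)
 public Result<SysDict> delete(@RequestParam(name="id",required=true) String id) {
@@ -381,7 +382,7 @@ public class SysDictController {
 * @param ids
 * @return
 */
-//@RequiresRoles({"admin"})
+@RequiresRoles({"admin"})
 @RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
 @CacheEvict(value= CacheConstant.SYS_DICT_CACHE, allEntries=true)
 public Result<SysDict> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
@@ -424,7 +425,7 @@ public class SysDictController {
 * @param request
 */
 @RequestMapping(value = "/exportXls")
-public ModelAndView exportXls(SysDict sysDict,HttpServletRequest request) {
+public ModelAndView exportXls(SysDict sysDict, HttpServletRequest request) {
 // Step.1 组装查询条件
 QueryWrapper<SysDict> queryWrapper = QueryGenerator.initQueryWrapper(sysDict, request.getParameterMap());
 //Step.2 AutoPoi 导出Excel
@@ -460,7 +461,7 @@ public class SysDictController {
 * @param
 * @return
 */
-//@RequiresRoles({"admin"})
+@RequiresRoles({"admin"})
 @RequestMapping(value = "/importExcel", method = RequestMethod.POST)
 public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response) {
 MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
@@ -473,8 +474,8 @@ public class SysDictController {
 params.setNeedSave(true);
 try {
 //导入Excel格式校验,看匹配的字段文本概率
-ExcelImportResult t = ExcelImportUtil.importExcelVerify(file.getInputStream(), SysDictPage.class, params);
-if(t.isVerfiyFail()){
+Boolean t = ExcelImportCheckUtil.check(file.getInputStream(), SysDictPage.class, params);
+if(!t){
 throw new RuntimeException("导入Excel校验失败 !");
 }
 List<SysDictPage> list = ExcelImportUtil.importExcel(file.getInputStream(), SysDictPage.class, params);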
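Review bot: `Boolean t = ExcelImportCheckUtil.check(...)` at new line 477 keeps the verdict in the boxed wrapper and unboxes it in `if(!t)`, so a null return from the check becomes a NullPointerException instead of a validation failure; declare it as the primitive with a telling name, `boolean verified = ExcelImportCheckUtil.check(file.getInputStream(), SysDictPage.class, params);` and `if (!verified) {`. The re-enabled `@RequiresRoles({"admin"})` on add, edit, delete, deleteBatch and importExcel (hunks at old lines 322, 343, 365, 384 and 463) is the right direction, but none of the hunks shows the Shiro import for `RequiresRoles`, so confirm it is present in the import block or the file will not compile. The `/queryTableData` endpoint at new line 303 is marked `@Deprecated` with a Javadoc note that no caller was found, yet it stays mapped; if it is really unused, removing the mapping is safer than leaving a live endpoint behind a deprecation marker. The enclosing importExcel method starts before the last hunk.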