diff --git a/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/pom.xml b/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/pom.xml
index c055c22..b8cfba6 100644
--- a/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/pom.xml
+++ b/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/pom.xml
@@ -196,7 +196,7 @@
</dependency>
<!-- 代码生成器 -->
- <!-- 如下载失败,请参考此文档 http://doc.jeecg.com/1273965 -->
+ <!-- 如下载失败,请参考此文档 http://doc.jeecg.com/2043876 -->
<dependency>
<groupId>org.jeecgframework.boot</groupId>
<artifactId>codegenerate</artifactId>
diff --git a/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/base/controller/JeecgController.java b/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/base/controller/JeecgController.java
index 5248998..3092a08 100644
--- a/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/base/controller/JeecgController.java
+++ b/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/base/controller/JeecgController.java
@@ -15,6 +15,7 @@ import org.jeecgframework.poi.excel.entity.ExportParams;
import org.jeecgframework.poi.excel.entity.ImportParams;
import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import org.springframework.web.servlet.ModelAndView;
@@ -38,6 +39,8 @@ public class JeecgController<T, S extends IService<T>> {
@Autowired
S service;
+ @Value("${jeecg.path.upload}")
+ private String upLoadPath;
/**
* 导出excel
*
@@ -65,7 +68,11 @@ public class JeecgController<T, S extends IService<T>> {
ModelAndView mv = new ModelAndView(new JeecgEntityExcelView());
mv.addObject(NormalExcelConstants.FILE_NAME, title); //此处设置的filename无效 ,前端会重更新设置一下
mv.addObject(NormalExcelConstants.CLASS, clazz);
- mv.addObject(NormalExcelConstants.PARAMS, new ExportParams(title + "报表", "导出人:" + sysUser.getRealname(), title));
+ //update-begin--Author:liusq Date:20210126 for:图片导出报错,ImageBasePath未设置--------------------
+ ExportParams exportParams=new ExportParams(title + "报表", "导出人:" + sysUser.getRealname(), title);
+ exportParams.setImageBasePath(upLoadPath);
+ //update-end--Author:liusq Date:20210126 for:图片导出报错,ImageBasePath未设置----------------------
+ mv.addObject(NormalExcelConstants.PARAMS,exportParams);
mv.addObject(NormalExcelConstants.DATA_LIST, exportList);
return mv;
}
diff --git a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
index d5f6253..e9915f5 100644
--- a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
+++ b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
@@ -1,9 +1,11 @@
package org.jeecg.modules.system.controller;
-import javax.servlet.http.HttpServletRequest;
-
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.jeecg.common.api.vo.Result;
+import org.jeecg.common.util.SqlInjectionUtil;
import org.jeecg.modules.system.mapper.SysDictMapper;
import org.jeecg.modules.system.model.DuplicateCheckVo;
import org.springframework.beans.factory.annotation.Autowired;
@@ -11,9 +13,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
-import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiOperation;
-import lombok.extern.slf4j.Slf4j;
+import javax.servlet.http.HttpServletRequest;
/**
* @Title: DuplicateCheckAction
@@ -29,7 +29,7 @@ import lombok.extern.slf4j.Slf4j;
public class DuplicateCheckController {
@Autowired
- SysDictMapper sysDictMapper;
+ SysDictMapper sysDictMapper;
/**
* 校验数据是否在系统中是否存在
@@ -42,6 +42,10 @@ public class DuplicateCheckController {
Long num = null;
log.info("----duplicate check------:"+ duplicateCheckVo.toString());
+ //关联表字典(举例:sys_user,realname,id)
+ //SQL注入校验(只限制非法串改数据库)
+ final String[] sqlInjCheck = {duplicateCheckVo.getTableName(),duplicateCheckVo.getFieldName()};
+ SqlInjectionUtil.filterContent(sqlInjCheck);
if (StringUtils.isNotBlank(duplicateCheckVo.getDataId())) {
// [2].编辑页面校验
num = sysDictMapper.duplicateCheckCountSql(duplicateCheckVo);
diff --git a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/SysDictController.java b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/SysDictController.java
index f232a0e..b11eb84 100644
--- a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/SysDictController.java
+++ b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/SysDictController.java
@@ -26,11 +26,11 @@ import org.jeecg.modules.system.model.TreeSelectModel;
import org.jeecg.modules.system.service.ISysDictItemService;
import org.jeecg.modules.system.service.ISysDictService;
import org.jeecg.modules.system.vo.SysDictPage;
+import org.jeecgframework.poi.excel.ExcelImportCheckUtil;
import org.jeecgframework.poi.excel.ExcelImportUtil;
import org.jeecgframework.poi.excel.def.NormalExcelConstants;
import org.jeecgframework.poi.excel.entity.ExportParams;
import org.jeecgframework.poi.excel.entity.ImportParams;
-import org.jeecgframework.poi.excel.entity.result.ExcelImportResult;
import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
@@ -66,8 +66,8 @@ public class SysDictController {
public RedisTemplate<String, Object> redisTemplate;
@RequestMapping(value = "/list", method = RequestMethod.GET)
- public Result<IPage<SysDict>> queryPageList(SysDict sysDict,@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
- @RequestParam(name="pageSize", defaultValue="10") Integer pageSize,HttpServletRequest req) {
+ public Result<IPage<SysDict>> queryPageList(SysDict sysDict, @RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
+ @RequestParam(name="pageSize", defaultValue="10") Integer pageSize, HttpServletRequest req) {
Result<IPage<SysDict>> result = new Result<IPage<SysDict>>();
QueryWrapper<SysDict> queryWrapper = QueryGenerator.initQueryWrapper(sysDict, req.getParameterMap());
Page<SysDict> page = new Page<SysDict>(pageNo, pageSize);
@@ -91,8 +91,8 @@ public class SysDictController {
*/
@SuppressWarnings("unchecked")
@RequestMapping(value = "/treeList", method = RequestMethod.GET)
- public Result<List<SysDictTree>> treeList(SysDict sysDict,@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
- @RequestParam(name="pageSize", defaultValue="10") Integer pageSize,HttpServletRequest req) {
+ public Result<List<SysDictTree>> treeList(SysDict sysDict, @RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
+ @RequestParam(name="pageSize", defaultValue="10") Integer pageSize, HttpServletRequest req) {
Result<List<SysDictTree>> result = new Result<>();
LambdaQueryWrapper<SysDict> query = new LambdaQueryWrapper<>();
// 构造查询条件
@@ -118,7 +118,7 @@ public class SysDictController {
* @return
*/
@RequestMapping(value = "/getDictItems/{dictCode}", method = RequestMethod.GET)
- public Result<List<DictModel>> getDictItems(@PathVariable String dictCode, @RequestParam(value = "sign",required = false) String sign,HttpServletRequest request) {
+ public Result<List<DictModel>> getDictItems(@PathVariable String dictCode, @RequestParam(value = "sign",required = false) String sign, HttpServletRequest request) {
log.info(" dictCode : "+ dictCode);
Result<List<DictModel>> result = new Result<List<DictModel>>();
List<DictModel> ls = null;
@@ -203,9 +203,9 @@ public class SysDictController {
*/
@RequestMapping(value = "/loadDict/{dictCode}", method = RequestMethod.GET)
public Result<List<DictModel>> loadDict(@PathVariable String dictCode,
- @RequestParam(name="keyword") String keyword,
- @RequestParam(value = "sign",required = false) String sign,
- @RequestParam(value = "pageSize", required = false) Integer pageSize) {
+ @RequestParam(name="keyword") String keyword,
+ @RequestParam(value = "sign",required = false) String sign,
+ @RequestParam(value = "pageSize", required = false) Integer pageSize) {
log.info(" 加载字典表数据,加载关键字: "+ keyword);
Result<List<DictModel>> result = new Result<List<DictModel>>();
List<DictModel> ls = null;
@@ -240,7 +240,7 @@ public class SysDictController {
* 根据字典code加载字典text 返回
*/
@RequestMapping(value = "/loadDictItem/{dictCode}", method = RequestMethod.GET)
- public Result<List<String>> loadDictItem(@PathVariable String dictCode,@RequestParam(name="key") String keys, @RequestParam(value = "sign",required = false) String sign,HttpServletRequest request) {
+ public Result<List<String>> loadDictItem(@PathVariable String dictCode, @RequestParam(name="key") String keys, @RequestParam(value = "sign",required = false) String sign, HttpServletRequest request) {
Result<List<String>> result = new Result<>();
try {
if(dictCode.indexOf(",")!=-1) {
@@ -271,13 +271,13 @@ public class SysDictController {
*/
@SuppressWarnings("unchecked")
@RequestMapping(value = "/loadTreeData", method = RequestMethod.GET)
- public Result<List<TreeSelectModel>> loadTreeData(@RequestParam(name="pid") String pid,@RequestParam(name="pidField") String pidField,
- @RequestParam(name="tableName") String tbname,
- @RequestParam(name="text") String text,
- @RequestParam(name="code") String code,
- @RequestParam(name="hasChildField") String hasChildField,
- @RequestParam(name="condition") String condition,
- @RequestParam(value = "sign",required = false) String sign,HttpServletRequest request) {
+ public Result<List<TreeSelectModel>> loadTreeData(@RequestParam(name="pid") String pid, @RequestParam(name="pidField") String pidField,
+ @RequestParam(name="tableName") String tbname,
+ @RequestParam(name="text") String text,
+ @RequestParam(name="code") String code,
+ @RequestParam(name="hasChildField") String hasChildField,
+ @RequestParam(name="condition") String condition,
+ @RequestParam(value = "sign",required = false) String sign, HttpServletRequest request) {
Result<List<TreeSelectModel>> result = new Result<List<TreeSelectModel>>();
Map<String, String> query = null;
if(oConvertUtils.isNotEmpty(condition)) {
@@ -293,17 +293,18 @@ public class SysDictController {
}
/**
- * 【APP接口】根据字典配置查询表字典数据
+ * 【APP接口】根据字典配置查询表字典数据(目前暂未找到调用的地方)
* @param query
* @param pageNo
* @param pageSize
* @return
*/
+ @Deprecated
@GetMapping("/queryTableData")
public Result<List<DictModel>> queryTableData(DictQuery query,
- @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo,
- @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize,
- @RequestParam(value = "sign",required = false) String sign,HttpServletRequest request){
+ @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo,
+ @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize,
+ @RequestParam(value = "sign",required = false) String sign, HttpServletRequest request){
Result<List<DictModel>> res = new Result<List<DictModel>>();
// SQL注入漏洞 sign签名校验
String dictCode = query.getTable()+","+query.getText()+","+query.getCode();
@@ -319,7 +320,7 @@ public class SysDictController {
* @param sysDict
* @return
*/
- //@RequiresRoles({"admin"})
+ @RequiresRoles({"admin"})
@RequestMapping(value = "/add", method = RequestMethod.POST)
public Result<SysDict> add(@RequestBody SysDict sysDict) {
Result<SysDict> result = new Result<SysDict>();
@@ -340,7 +341,7 @@ public class SysDictController {
* @param sysDict
* @return
*/
- //@RequiresRoles({"admin"})
+ @RequiresRoles({"admin"})
@RequestMapping(value = "/edit", method = RequestMethod.PUT)
public Result<SysDict> edit(@RequestBody SysDict sysDict) {
Result<SysDict> result = new Result<SysDict>();
@@ -362,7 +363,7 @@ public class SysDictController {
* @param id
* @return
*/
- //@RequiresRoles({"admin"})
+ @RequiresRoles({"admin"})
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
@CacheEvict(value=CacheConstant.SYS_DICT_CACHE, allEntries=true)
public Result<SysDict> delete(@RequestParam(name="id",required=true) String id) {
@@ -381,7 +382,7 @@ public class SysDictController {
* @param ids
* @return
*/
- //@RequiresRoles({"admin"})
+ @RequiresRoles({"admin"})
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
@CacheEvict(value= CacheConstant.SYS_DICT_CACHE, allEntries=true)
public Result<SysDict> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
@@ -424,7 +425,7 @@ public class SysDictController {
* @param request
*/
@RequestMapping(value = "/exportXls")
- public ModelAndView exportXls(SysDict sysDict,HttpServletRequest request) {
+ public ModelAndView exportXls(SysDict sysDict, HttpServletRequest request) {
// Step.1 组装查询条件
QueryWrapper<SysDict> queryWrapper = QueryGenerator.initQueryWrapper(sysDict, request.getParameterMap());
//Step.2 AutoPoi 导出Excel
@@ -460,7 +461,7 @@ public class SysDictController {
* @param
* @return
*/
- //@RequiresRoles({"admin"})
+ @RequiresRoles({"admin"})
@RequestMapping(value = "/importExcel", method = RequestMethod.POST)
public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response) {
MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
@@ -473,8 +474,8 @@ public class SysDictController {
params.setNeedSave(true);
try {
//导入Excel格式校验,看匹配的字段文本概率
- ExcelImportResult t = ExcelImportUtil.importExcelVerify(file.getInputStream(), SysDictPage.class, params);
- if(t.isVerfiyFail()){
+ Boolean t = ExcelImportCheckUtil.check(file.getInputStream(), SysDictPage.class, params);
+ if(!t){
throw new RuntimeException("导入Excel校验失败 !");
}
List<SysDictPage> list = ExcelImportUtil.importExcel(file.getInputStream(), SysDictPage.class, params);