diff --git a/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/pom.xml b/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/pom.xml
index c055c22..b8cfba6 100644
--- a/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/pom.xml
+++ b/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/pom.xml
@@ -196,7 +196,7 @@
 </dependency>
 
 <!-- 代码生成器 -->
- <!-- 如下载失败,请参考此文档 http://doc.jeecg.com/1273965 -->
+ <!-- 如下载失败,请参考此文档 http://doc.jeecg.com/2043876 -->
 <dependency>
 <groupId>org.jeecgframework.boot</groupId>
 <artifactId>codegenerate</artifactId>
diff --git a/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/base/controller/JeecgController.java b/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/base/controller/JeecgController.java
index 5248998..3092a08 100644
--- a/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/base/controller/JeecgController.java
+++ b/jeecg-boot/jeecg-boot-base/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/base/controller/JeecgController.java
@@ -15,6 +15,7 @@ import org.jeecgframework.poi.excel.entity.ExportParams;
 import org.jeecgframework.poi.excel.entity.ImportParams;
 import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.multipart.MultipartHttpServletRequest;
 import org.springframework.web.servlet.ModelAndView;
@@ -38,6 +39,8 @@ public class JeecgController<T, S extends IService<T>> {
 @Autowired
 S service;
+ @Value("${jeecg.path.upload}")
+ private String upLoadPath;
 
 /**
 * 导出excel
 *
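Review bot: The new field `upLoadPath` in the second JeecgController hunk should be spelled `uploadPath` ("upload" is one word) and carry a Javadoc, because it is now injected into every controller that extends this generic base class. A consequence worth stating is that a missing `jeecg.path.upload` property now fails context startup for all of those controllers rather than only the image export path, which may be intended but is not mentioned. Suggested Javadoc: `/** Base directory for uploaded files (jeecg.path.upload); passed to ExportParams as the image base path for Excel export. */`. The class body continues outside the hunk.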
@@ -65,7 +68,11 @@ public class JeecgController<T, S extends IService<T>> {
 ModelAndView mv = new ModelAndView(new JeecgEntityExcelView());
 mv.addObject(NormalExcelConstants.FILE_NAME, title); //此处设置的filename无效 ,前端会重更新设置一下
 mv.addObject(NormalExcelConstants.CLASS, clazz);
- mv.addObject(NormalExcelConstants.PARAMS, new ExportParams(title + "报表", "导出人:" + sysUser.getRealname(), title));
+ //update-begin--Author:liusq Date:20210126 for:图片导出报错,ImageBasePath未设置--------------------
+ ExportParams exportParams=new ExportParams(title + "报表", "导出人:" + sysUser.getRealname(), title);
+ exportParams.setImageBasePath(upLoadPath);
+ //update-end--Author:liusq Date:20210126 for:图片导出报错,ImageBasePath未设置----------------------
+ mv.addObject(NormalExcelConstants.PARAMS,exportParams);
 mv.addObject(NormalExcelConstants.DATA_LIST, exportList);
 return mv;
 }
diff --git a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
index d5f6253..e9915f5 100644
--- a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
+++ b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
@@ -1,9 +1,11 @@
 package org.jeecg.modules.system.controller;
 
-import javax.servlet.http.HttpServletRequest;
-
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang.StringUtils;
 import org.jeecg.common.api.vo.Result;
+import org.jeecg.common.util.SqlInjectionUtil;
 import org.jeecg.modules.system.mapper.SysDictMapper;
 import org.jeecg.modules.system.model.DuplicateCheckVo;
 import org.springframework.beans.factory.annotation.Autowired;
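Review bot: The `//update-begin` / `//update-end` banners around `setImageBasePath` record an author and date that git history already keeps, and such banners drift as the code changes; a single why-comment says more, e.g. `// image cells are resolved relative to the upload directory; without a base path image export fails`. While touching these lines, write `ExportParams exportParams = new ExportParams(...)` and `mv.addObject(NormalExcelConstants.PARAMS, exportParams);` with the file's usual spacing. One caveat to confirm rather than a defect: pointing the exporter at the whole upload directory means which files it reads is decided by the image paths carried in the exported rows, so it is worth checking those values cannot be supplied directly by end users. The enclosing export method starts outside the hunk.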
@@ -11,9 +13,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 
-import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiOperation;
-import lombok.extern.slf4j.Slf4j;
+import javax.servlet.http.HttpServletRequest;
 
 /**
 * @Title: DuplicateCheckAction
@@ -29,7 +29,7 @@ import lombok.extern.slf4j.Slf4j;
 public class DuplicateCheckController {
 
 @Autowired
- SysDictMapper sysDictMapper;
+ SysDictMapper sysDictMapper;
 
 /**
 * 校验数据是否在系统中是否存在
@@ -42,6 +42,10 @@ public class DuplicateCheckController {
 Long num = null;
 log.info("----duplicate check------:"+ duplicateCheckVo.toString());
 
+ //关联表字典(举例:sys_user,realname,id)
+ //SQL注入校验(只限制非法串改数据库)
+ final String[] sqlInjCheck = {duplicateCheckVo.getTableName(),duplicateCheckVo.getFieldName()};
+ SqlInjectionUtil.filterContent(sqlInjCheck);
 if (StringUtils.isNotBlank(duplicateCheckVo.getDataId())) {
 // [2].编辑页面校验
 num = sysDictMapper.duplicateCheckCountSql(duplicateCheckVo);
diff --git a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/SysDictController.java b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/SysDictController.java
index f232a0e..b11eb84 100644
--- a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/SysDictController.java
+++ b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/SysDictController.java
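Review bot: In the third hunk, `SqlInjectionUtil.filterContent(sqlInjCheck)` screens only `getTableName()` and `getFieldName()`, so any other field of `duplicateCheckVo` that `duplicateCheckCountSql` splices into the statement with `${...}` rather than binding with `#{...}` stays unchecked; the mapper is not in the diff, so this needs confirming there. Because both screened values are SQL identifiers, an allow-list is a stronger and simpler guard than a keyword deny-list: `if (!duplicateCheckVo.getTableName().matches("[A-Za-z0-9_]+") || !duplicateCheckVo.getFieldName().matches("[A-Za-z0-9_]+")) {` and reject the request before the mapper is called, keeping `filterContent` as defence in depth if desired. The comment above the check (`只限制非法串改数据库`) already concedes the filter is partial, which is the reason to prefer the allow-list. The enclosing method starts outside the hunk, and whether `filterContent` throws or merely logs cannot be seen here.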
@@ -26,11 +26,11 @@ import org.jeecg.modules.system.model.TreeSelectModel;
 import org.jeecg.modules.system.service.ISysDictItemService;
 import org.jeecg.modules.system.service.ISysDictService;
 import org.jeecg.modules.system.vo.SysDictPage;
+import org.jeecgframework.poi.excel.ExcelImportCheckUtil;
 import org.jeecgframework.poi.excel.ExcelImportUtil;
 import org.jeecgframework.poi.excel.def.NormalExcelConstants;
 import org.jeecgframework.poi.excel.entity.ExportParams;
 import org.jeecgframework.poi.excel.entity.ImportParams;
-import org.jeecgframework.poi.excel.entity.result.ExcelImportResult;
 import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -66,8 +66,8 @@ public class SysDictController {
 public RedisTemplate<String, Object> redisTemplate;
 
 @RequestMapping(value = "/list", method = RequestMethod.GET)
- public Result<IPage<SysDict>> queryPageList(SysDict sysDict,@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
- @RequestParam(name="pageSize", defaultValue="10") Integer pageSize,HttpServletRequest req) {
+ public Result<IPage<SysDict>> queryPageList(SysDict sysDict, @RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
+ @RequestParam(name="pageSize", defaultValue="10") Integer pageSize, HttpServletRequest req) {
 Result<IPage<SysDict>> result = new Result<IPage<SysDict>>();
 QueryWrapper<SysDict> queryWrapper = QueryGenerator.initQueryWrapper(sysDict, req.getParameterMap());
 Page<SysDict> page = new Page<SysDict>(pageNo, pageSize);
@@ -91,8 +91,8 @@ public class SysDictController {
 */
 @SuppressWarnings("unchecked")
 @RequestMapping(value = "/treeList", method = RequestMethod.GET)
- public Result<List<SysDictTree>> treeList(SysDict sysDict,@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
- @RequestParam(name="pageSize", defaultValue="10") Integer pageSize,HttpServletRequest req) {
+ public Result<List<SysDictTree>> treeList(SysDict sysDict, @RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
+ @RequestParam(name="pageSize", defaultValue="10") Integer pageSize, HttpServletRequest req) {
 Result<List<SysDictTree>> result = new Result<>();
 LambdaQueryWrapper<SysDict> query = new LambdaQueryWrapper<>();
 // 构造查询条件
@@ -118,7 +118,7 @@ public class SysDictController {
 * @return
 */
 @RequestMapping(value = "/getDictItems/{dictCode}", method = RequestMethod.GET)
- public Result<List<DictModel>> getDictItems(@PathVariable String dictCode, @RequestParam(value = "sign",required = false) String sign,HttpServletRequest request) {
+ public Result<List<DictModel>> getDictItems(@PathVariable String dictCode, @RequestParam(value = "sign",required = false) String sign, HttpServletRequest request) {
 log.info(" dictCode : "+ dictCode);
 Result<List<DictModel>> result = new Result<List<DictModel>>();
 List<DictModel> ls = null;
@@ -203,9 +203,9 @@ public class SysDictController {
 */
 @RequestMapping(value = "/loadDict/{dictCode}", method = RequestMethod.GET)
 public Result<List<DictModel>> loadDict(@PathVariable String dictCode,
- @RequestParam(name="keyword") String keyword,
- @RequestParam(value = "sign",required = false) String sign,
- @RequestParam(value = "pageSize", required = false) Integer pageSize) {
+ @RequestParam(name="keyword") String keyword,
+ @RequestParam(value = "sign",required = false) String sign,
+ @RequestParam(value = "pageSize", required = false) Integer pageSize) {
 log.info(" 加载字典表数据,加载关键字: "+ keyword);
 Result<List<DictModel>> result = new Result<List<DictModel>>();
 List<DictModel> ls = null;
@@ -240,7 +240,7 @@ public class SysDictController {
 * 根据字典code加载字典text 返回
 */
 @RequestMapping(value = "/loadDictItem/{dictCode}", method = RequestMethod.GET)
- public Result<List<String>> loadDictItem(@PathVariable String dictCode,@RequestParam(name="key") String keys, @RequestParam(value = "sign",required = false) String sign,HttpServletRequest request) {
+ public Result<List<String>> loadDictItem(@PathVariable String dictCode, @RequestParam(name="key") String keys, @RequestParam(value = "sign",required = false) String sign, HttpServletRequest request) {
 Result<List<String>> result = new Result<>();
 try {
 if(dictCode.indexOf(",")!=-1) {
@@ -271,13 +271,13 @@ public class SysDictController {
 */
 @SuppressWarnings("unchecked")
 @RequestMapping(value = "/loadTreeData", method = RequestMethod.GET)
- public Result<List<TreeSelectModel>> loadTreeData(@RequestParam(name="pid") String pid,@RequestParam(name="pidField") String pidField,
- @RequestParam(name="tableName") String tbname,
- @RequestParam(name="text") String text,
- @RequestParam(name="code") String code,
- @RequestParam(name="hasChildField") String hasChildField,
- @RequestParam(name="condition") String condition,
- @RequestParam(value = "sign",required = false) String sign,HttpServletRequest request) {
+ public Result<List<TreeSelectModel>> loadTreeData(@RequestParam(name="pid") String pid, @RequestParam(name="pidField") String pidField,
+ @RequestParam(name="tableName") String tbname,
+ @RequestParam(name="text") String text,
+ @RequestParam(name="code") String code,
+ @RequestParam(name="hasChildField") String hasChildField,
+ @RequestParam(name="condition") String condition,
+ @RequestParam(value = "sign",required = false) String sign, HttpServletRequest request) {
 Result<List<TreeSelectModel>> result = new Result<List<TreeSelectModel>>();
 Map<String, String> query = null;
 if(oConvertUtils.isNotEmpty(condition)) {
@@ -293,17 +293,18 @@ public class SysDictController {
 }
 
 /**
- * 【APP接口】根据字典配置查询表字典数据
+ * 【APP接口】根据字典配置查询表字典数据(目前暂未找到调用的地方)
 * @param query
 * @param pageNo
 * @param pageSize
 * @return
 */
+ @Deprecated
 @GetMapping("/queryTableData")
 public Result<List<DictModel>> queryTableData(DictQuery query,
- @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo,
- @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize,
- @RequestParam(value = "sign",required = false) String sign,HttpServletRequest request){
+ @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo,
+ @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize,
+ @RequestParam(value = "sign",required = false) String sign, HttpServletRequest request){
 Result<List<DictModel>> res = new Result<List<DictModel>>();
 // SQL注入漏洞 sign签名校验
 String dictCode = query.getTable()+","+query.getText()+","+query.getCode();
@@ -319,7 +320,7 @@ public class SysDictController {
 * @param sysDict
 * @return
 */
- //@RequiresRoles({"admin"})
+ @RequiresRoles({"admin"})
 @RequestMapping(value = "/add", method = RequestMethod.POST)
 public Result<SysDict> add(@RequestBody SysDict sysDict) {
 Result<SysDict> result = new Result<SysDict>();
@@ -340,7 +341,7 @@ public class SysDictController {
 * @param sysDict
 * @return
 */
- //@RequiresRoles({"admin"})
+ @RequiresRoles({"admin"})
 @RequestMapping(value = "/edit", method = RequestMethod.PUT)
 public Result<SysDict> edit(@RequestBody SysDict sysDict) {
 Result<SysDict> result = new Result<SysDict>();
@@ -362,7 +363,7 @@ public class SysDictController {
 * @param id
 * @return
 */
- //@RequiresRoles({"admin"})
+ @RequiresRoles({"admin"})
 @RequestMapping(value = "/delete", method = RequestMethod.DELETE)
 @CacheEvict(value=CacheConstant.SYS_DICT_CACHE, allEntries=true)
 public Result<SysDict> delete(@RequestParam(name="id",required=true) String id) {
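Review bot: `@Deprecated` on `queryTableData` leaves a handler that the commit's own Javadoc says has no known caller still mapped at `/queryTableData`; if it really is unused, removing the `@GetMapping` (or the method) is the smaller attack surface, since the visible body assembles `dictCode` from the caller-supplied `table`, `text` and `code` and depends on the `sign` check that follows. If it has to stay for compatibility, pair the annotation with a Javadoc `@deprecated` tag that names the replacement endpoint and the version in which this one goes away, so the deprecation is actionable. The method body continues outside the hunk.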
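Review bot: Restoring `@RequiresRoles({"admin"})` on `add` — and likewise on `edit`, `delete`, `deleteBatch` and `importExcel` in the hunks at -340, -362, -381 and -460 — only takes effect if Shiro's annotation advisor is active for this controller, which the diff cannot show; a request-level test asserting that a non-admin caller gets an authorization failure on `/add` would pin the behaviour these hunks intend. Separately, the `edit` hunk shows no `@CacheEvict(value=CacheConstant.SYS_DICT_CACHE, allEntries=true)` while `delete` and `deleteBatch` carry it, so unless the service layer evicts, an edited dictionary can remain stale in the cache; worth confirming while the annotations are being touched.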
@@ -381,7 +382,7 @@ public class SysDictController {
 * @param ids
 * @return
 */
- //@RequiresRoles({"admin"})
+ @RequiresRoles({"admin"})
 @RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
 @CacheEvict(value= CacheConstant.SYS_DICT_CACHE, allEntries=true)
 public Result<SysDict> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
@@ -424,7 +425,7 @@ public class SysDictController {
 * @param request
 */
 @RequestMapping(value = "/exportXls")
- public ModelAndView exportXls(SysDict sysDict,HttpServletRequest request) {
+ public ModelAndView exportXls(SysDict sysDict, HttpServletRequest request) {
 // Step.1 组装查询条件
 QueryWrapper<SysDict> queryWrapper = QueryGenerator.initQueryWrapper(sysDict, request.getParameterMap());
 //Step.2 AutoPoi 导出Excel
@@ -460,7 +461,7 @@ public class SysDictController {
 * @param
 * @return
 */
- //@RequiresRoles({"admin"})
+ @RequiresRoles({"admin"})
 @RequestMapping(value = "/importExcel", method = RequestMethod.POST)
 public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response) {
 MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
@@ -473,8 +474,8 @@ public class SysDictController {
 params.setNeedSave(true);
 try {
 //导入Excel格式校验,看匹配的字段文本概率
- ExcelImportResult t = ExcelImportUtil.importExcelVerify(file.getInputStream(), SysDictPage.class, params);
- if(t.isVerfiyFail()){
+ Boolean t = ExcelImportCheckUtil.check(file.getInputStream(), SysDictPage.class, params);
+ if(!t){
 throw new RuntimeException("导入Excel校验失败 !");
 }
 List<SysDictPage> list = ExcelImportUtil.importExcel(file.getInputStream(), SysDictPage.class, params);
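Review bot: In the last hunk, `Boolean t = ExcelImportCheckUtil.check(...)` followed by `if(!t)` auto-unboxes and throws a NullPointerException should `check` ever return null, and `t` tells the reader nothing; use the primitive with a descriptive name: `boolean verified = ExcelImportCheckUtil.check(file.getInputStream(), SysDictPage.class, params);` and `if (!verified) {`. The stream from `file.getInputStream()` is opened here and again two lines below for `importExcel` without a try-with-resources; whether the utilities close it cannot be seen in the diff, so confirm or wrap each call. The `RuntimeException` on failure predates this change but is a generic type callers cannot distinguish; `IllegalArgumentException` with the same message would be a small improvement. The enclosing `importExcel` method continues outside the hunk.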