From 6de407117897ba0354dac928a38c8fbbfe431bca Mon Sep 17 00:00:00 2001
From: liwenxuan <1298531568@qq.com>
Date: Mon, 2 Sep 2024 15:42:44 +0800
Subject: [PATCH] =?UTF-8?q?=E5=85=B3=E8=81=94=E8=A1=A8=E5=8D=95=E5=A1=AB?= =?UTF-8?q?=E5=85=85=E8=A7=84=E5=88=99=E4=B8=BB=E8=A1=A8=E5=A1=AB=E5=85=85?= =?UTF-8?q?=E6=95=88=E6=9E=9C=E5=AE=9E=E7=8E=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../controller/AssociatedFormsController.java | 3 +-
 .../lowcode/service/CustomerFormService.java | 2 +-
 .../service/impl/CustomerFormServiceImpl.java | 34 +++++++++++++++++--
 3 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/src/main/java/com/hxgk/lowcode/controller/AssociatedFormsController.java b/src/main/java/com/hxgk/lowcode/controller/AssociatedFormsController.java
index e3a5b40..691998b 100644
--- a/src/main/java/com/hxgk/lowcode/controller/AssociatedFormsController.java
+++ b/src/main/java/com/hxgk/lowcode/controller/AssociatedFormsController.java
@@ -118,6 +118,7 @@ public class AssociatedFormsController {
 if(StringUtils.isBlank(key)||StringUtils.isBlank(token)){
 return JsonData.buildError("非法请求");
 }
+ String glbbddbd = requestBody.get("glbbddbd");
 String formId = requestBody.get("formId");
 String dataTitle = requestBody.get("dataTitle");
 String rangeFormula = requestBody.get("rangeFormula");
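Review bot: `glbbddbd` is taken straight from the request body in the added line of the `@@ -118,6 +118,7 @@` hunk and handed on without any check, while `key` and `token` just above it are at least tested for blank. The only use visible in this patch is the log message in `CustomerFormServiceImpl`, so a value containing line breaks would land verbatim in the log; a blank/format check here, or stripping CR/LF before it is logged, would close that. The name is an opaque abbreviation, so a comment such as `// glbbddbd: identifier of the master form that embeds the associated-form field (used for logging)` would help, assuming that is what the "主表单" label in the log message refers to. The enclosing controller method starts and ends outside the hunk.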
@@ -130,7 +131,7 @@ public class AssociatedFormsController { System.out.println(fillFieldsChild); com.alibaba.fastjson2.JSONArray fillFieldsChildJsonObject = JSON.parseArray(fillFieldsChild); - ArrayList dataTitles = customerFormService.getAsfDataTitles(key,token,formId,dataTitle,rangeFormula,rangeString,hideFormula,hideString,masterOnField,fillFieldsMaster,fillFieldsChildJsonObject); + ArrayList dataTitles = customerFormService.getAsfDataTitles(key,token,glbbddbd,formId,dataTitle,rangeFormula,rangeString,hideFormula,hideString,masterOnField,fillFieldsMaster,fillFieldsChildJsonObject); return JsonData.buildSuccess(dataTitles); diff --git a/src/main/java/com/hxgk/lowcode/service/CustomerFormService.java b/src/main/java/com/hxgk/lowcode/service/CustomerFormService.java index f8484bf..70c7cd0 100644 --- a/src/main/java/com/hxgk/lowcode/service/CustomerFormService.java +++ b/src/main/java/com/hxgk/lowcode/service/CustomerFormService.java @@ -17,7 +17,7 @@ public interface CustomerFormService { ArrayList getFieldRecord(String key, String token, String[] optionsValue3FieldArray); - ArrayList getAsfDataTitles(String key, String token, String formId, String dataTitle, String rangeFormula, String rangeString, String hideFormula, String hideString, String masterOnField, String fillFieldsMaster, JSONArray fillFieldsChild); + ArrayList getAsfDataTitles(String key, String token,String glbbddbd, String formId, String dataTitle, String rangeFormula, String rangeString, String hideFormula, String hideString, String masterOnField, String fillFieldsMaster, JSONArray fillFieldsChild); ArrayList getAsfDataTitlesByIds(String AsfFormId,ArrayList> ids); Boolean queryIfOrgOrPersonContainsCurrentUser(String key, String token, String targetOrgOrPerson, String condition, String currentUser); diff --git a/src/main/java/com/hxgk/lowcode/service/impl/CustomerFormServiceImpl.java b/src/main/java/com/hxgk/lowcode/service/impl/CustomerFormServiceImpl.java index ddf9d4f..444da5e 100644 
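Review bot: The new argument is inserted third in a call that now passes twelve positional values, eleven of them plain `String`s, and the same list is repeated in the `CustomerFormService` hunk below and in the `getAsfDataTitles` signature hunk of `CustomerFormServiceImpl`. With that many same-typed parameters a transposition (for example `glbbddbd` and `formId`) compiles cleanly, and `formId` and `rangeFormula` appear to drive the lookup and the condition check in the service. A small request object, or at least a Javadoc `@param` line per argument on the interface method, would make the contract checkable, e.g. `@param glbbddbd id of the master form; used only in log output`.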
--- a/src/main/java/com/hxgk/lowcode/service/impl/CustomerFormServiceImpl.java +++ b/src/main/java/com/hxgk/lowcode/service/impl/CustomerFormServiceImpl.java @@ -664,7 +664,7 @@ public class CustomerFormServiceImpl implements CustomerFormService { */ @Override - public ArrayList getAsfDataTitles(String key, String token,String formId, String dataTitle,String rangeFormula, String rangeString, String hideFormula, String hideString,String masterOnField, String fillFieldsMaster, JSONArray fillFieldsChild) { + public ArrayList getAsfDataTitles(String key, String token,String glbbddbd,String formId, String dataTitle,String rangeFormula, String rangeString, String hideFormula, String hideString,String masterOnField, String fillFieldsMaster, JSONArray fillFieldsChild) { //关联表单的id String AsfFormId = formId; //根据formId(cfid)查询关联表单表名 @@ -720,7 +720,7 @@ public class CustomerFormServiceImpl implements CustomerFormService { keytokenmap.put("usertoken",token); UserDetail userDetail = userService.getUserDetailFromRedis(keytokenmap); - logger.error("用户进行了SQL注入攻击:key--"+userDetail.getWmKey()+"姓名--"+userDetail.getName()+"输入的条件"+rangeFormula); + logger.error("条件含有非法字符,主表单->"+glbbddbd+"###关联表单->"+asfFormName+"###非法条件->"+rangeFormula); dataTitleMapList = new ArrayList<>();//直接返回空数据标题列表 }else{ if(operator.equals("包含")){ @@ -1570,6 +1570,36 @@ public class CustomerFormServiceImpl implements CustomerFormService { //数据填充规则数据字段准备 start + + + System.out.println(fillFieldsChild); + + if(fillFieldsChild.size()>0){ + for(int i = 0; i masterFillRoleFields = new ArrayList<>(); if(fillFieldsMaster.length()>0){ fillFieldsMaster = fillFieldsMaster.substring(0, fillFieldsMaster.length() - 1);
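Review bot: In the `@@ -720,7 +720,7 @@` hunk the rewritten `logger.error` no longer records who submitted the rejected condition: the old message carried `userDetail.getWmKey()` and `userDetail.getName()`, the new one only the two form names and `rangeFormula`. This is the branch that rejects a condition with illegal characters, so the event should stay attributable for later investigation, and `userDetail` is still fetched from Redis on the line above but is now unused. The message is also built by concatenating the request-supplied `glbbddbd` and `rangeFormula`, so embedded line breaks can forge log entries. If `logger` is an SLF4J-style logger, `logger.error("条件含有非法字符, key={}, 主表单={}, 关联表单={}, 非法条件={}", userDetail.getWmKey(), glbbddbd, asfFormName, rangeFormula);` with CR/LF stripped from the two request values would keep both properties. The enclosing method extends beyond the hunk.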