From 1255adca0fbf9137911525224f136b460c7f67dc Mon Sep 17 00:00:00 2001
From: ZY <zc857179121@qq.com>
Date: 星期一, 28 十月 2024 10:05:52 +0800
Subject: [PATCH] sql注入漏洞
---
src/main/java/com/zy/asrs/controller/PlaController.java | 18 +++++++++++-------
1 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/main/java/com/zy/asrs/controller/PlaController.java b/src/main/java/com/zy/asrs/controller/PlaController.java
index 5688b5d..c66a577 100644
--- a/src/main/java/com/zy/asrs/controller/PlaController.java
+++ b/src/main/java/com/zy/asrs/controller/PlaController.java
@@ -11,7 +11,6 @@
import com.core.common.R;
import com.core.common.SnowflakeIdWorker;
import com.core.exception.CoolException;
-import com.microsoft.sqlserver.jdbc.SQLServerException;
import com.zy.asrs.entity.*;
import com.zy.asrs.entity.param.GlobleParameter;
import com.zy.asrs.entity.result.KeyValueVo;
@@ -89,7 +88,7 @@
@RequestMapping(value = "/pla/add/auth")
@ManagerAuth
public R add(@RequestBody List<Pla> plas) {
- System.out.println(plas.toString());
+ log.info(plas.toString());
plas.forEach(pla -> {
plaService.insert(pla);
});
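Review bot: `log.info(plas.toString())` in `add` writes the whole client-supplied request body to the application log at info level, so any field of `Pla` (including free-text strings containing line breaks) ends up in the log verbatim. Log only what operations needs, e.g. `log.info("pla add: {} record(s)", plas.size());`, and keep the full dump at debug level with a placeholder, `log.debug("pla add payload: {}", plas);`. The same line is added to `update` and `delete` in the next two hunks and deserves the same change. The declaration of `log` is not visible in this diff, so confirm the class actually has a logger field or annotation.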
@@ -99,7 +98,7 @@
@RequestMapping(value = "/pla/update/auth")
@ManagerAuth
public R update(@RequestBody List<Pla> plas) {
- System.out.println(plas.toString());
+ log.info(plas.toString());
plas.forEach(pla -> {
Pla plaSave = plaService.selectById(pla.getId());
pla.setModifyTime(new Date());
@@ -119,7 +118,7 @@
@RequestMapping(value = "/pla/delete/auth")
@ManagerAuth
public R delete(@RequestBody List<Pla> plas) {
- System.out.println(plas.toString());
+ log.info(plas.toString());
plas.forEach(pla -> {
if (!pla.getStatus().equals(GlobleParameter.PLA_STATUS_00) && !pla.getStatus().equals(GlobleParameter.PLA_STATUS_0) && !pla.getStatus().equals(GlobleParameter.PLA_STATUS_1)) {
throw new CoolException("宸插叆搴撶殑鏁版嵁鏃犳硶琚垹闄�");
@@ -161,7 +160,7 @@
if (pla.getStockFreeze() == 0) {
// throw new CoolException("搴撳瓨宸茶鍐荤粨锛岃閲嶆柊閫夋嫨搴撳瓨");
- System.out.println(pla.getStockFreezeBy() + "," + getUser().getUsername());
+ log.info("璇ュ簱瀛樺凡琚叾浠栫敤鎴峰喕缁擄紝璇烽噸鏂伴�夋嫨;{},{}", pla.getStockFreezeBy(), getUser().getUsername());
if (!Cools.eq(pla.getStockFreezeBy(), getUser().getUsername())) {
throw new CoolException("璇ュ簱瀛樺凡琚叾浠栫敤鎴峰喕缁擄紝璇烽噸鏂伴�夋嫨");
}
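Review bot: The new `log.info(...)` runs before the `Cools.eq(...)` check, but its message is the same text as the `CoolException` thrown only when the stock is frozen by a different user, so the log will report that failure even when the current user is the one who froze it. Either move the call inside the `if (!Cools.eq(...))` branch and raise it to `log.warn`, or give it a neutral message such as `log.info("stock freeze owner={}, current user={}", pla.getStockFreezeBy(), getUser().getUsername());`. The enclosing method starts and ends outside this hunk.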
@@ -366,9 +365,14 @@
.andNew().like("batch", condition)
.groupBy("batch")
.orderBy("batch", false);
- List<Pla> plas = plaService.selectPage(new Page<Pla>(1, 30), wrapper).getRecords();
+ Page<Pla> plaPage = new Page<>(1, 30);
+ plaPage.setSearchCount(false);
+ Page<Pla> plaPage1 = plaService.selectPage(plaPage, wrapper);
+ // 閲嶆柊鏌ヨ鐒跺悗缁檖age璁剧疆Total
+ plaPage.setTotal(this.plaService.selectCount(new EntityWrapper<Pla>().setSqlSelect("batch")
+ .andNew().like("batch", condition)));
List<KeyValueVo> valueVos = new ArrayList<>();
- for (Pla pla : plas) {
+ for (Pla pla : plaPage1.getRecords()) {
KeyValueVo vo = new KeyValueVo();
vo.setName(pla.getBatch());
vo.setValue(pla.getBatch());
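Review bot: The result of the extra `selectCount(...)` is stored with `plaPage.setTotal(...)`, but the visible code afterwards only reads `plaPage1.getRecords()`, so the second query appears to be unused work. Its wrapper also leaves out `groupBy("batch")` and whatever conditions the main wrapper adds above this hunk, so the number would not match the grouped page even if it were read. The commit subject names a SQL injection vulnerability, yet `condition` still reaches `like("batch", condition)` unchanged in both queries. A comment should say why turning off the automatic count is the fix, e.g. `// searchCount disabled: the auto-generated count SQL is what the scanner flagged; condition itself is bound by like() (confirm)`. If the total is not needed, drop the `setTotal` call and keep only `plaPage.setSearchCount(false);`.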
--
Gitblit v1.9.1