From 1255adca0fbf9137911525224f136b460c7f67dc Mon Sep 17 00:00:00 2001
From: ZY <zc857179121@qq.com>
Date: 星期一, 28 十月 2024 10:05:52 +0800
Subject: [PATCH] sql注入漏洞
---
src/main/java/com/zy/asrs/service/impl/OpenServiceImpl.java | 24 ++++++++++--------------
1 files changed, 10 insertions(+), 14 deletions(-)
diff --git a/src/main/java/com/zy/asrs/service/impl/OpenServiceImpl.java b/src/main/java/com/zy/asrs/service/impl/OpenServiceImpl.java
index 9b74be9..7f15db0 100644
--- a/src/main/java/com/zy/asrs/service/impl/OpenServiceImpl.java
+++ b/src/main/java/com/zy/asrs/service/impl/OpenServiceImpl.java
@@ -417,7 +417,7 @@
//鍒犻櫎瀛樿揣妗f
if (param.deleteFlag == 1) {
for (MatSyncParam.MatParam matParam : param.getMatDetails()) {
- matService.deleteById(matParam.getMatnr());
+ matService.delete(new EntityWrapper<Mat>().eq("matnr", matParam.getMatnr()));
}
return;
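Review bot: The added `matService.delete(...)` call discards its result and runs without checking that `matParam.getMatnr()` is non-empty, so a sync request carrying a blank or unknown matnr returns as if the material had been removed. A guard before the call, such as `if (Cools.isEmpty(matParam.getMatnr())) { throw new CoolException("matnr is required"); }`, would make the failure visible, and the loop should also tolerate `param.getMatDetails()` being null. `EntityWrapper.eq` should bind the value as a parameter rather than concatenating it, so the practical change appears to be that the row is now matched on the `matnr` column instead of the primary key. The commit subject (SQL injection) does not convey that, so a comment on this line such as `// delete by business key matnr, not by primary key` would help. The enclosing method starts and ends outside the hunk.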
@@ -583,7 +583,7 @@
Pla pla = plaService.selectByBatchAndPackageNo(batch, packageNo, brand);
Mat mat = matService.selectByMaktx(pla.getBrand());
//褰撶敓浜у崟鍙蜂笉涓�鑷存椂锛岄渶瑕佹柊寤轰竴涓猵aram
- if (list.size() == 0 || checkOrder(list, pla.getProOrderNo()) == null) {
+ if (list.isEmpty() || (!Cools.isEmpty(pla.getProOrderNo()) && checkOrder(list, pla.getProOrderNo()) == null)) {
OpenOrderPakoutParam param = new OpenOrderPakoutParam();
param.setcMaker(json.get("user").toString());
String type = Cools.isEmpty(pla.getProOrderNo()) ? "璋冩嫧鍏ュ簱鍗�" : "浜ф垚鍝佸叆搴�";
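Review bot: With the rewritten condition, a record whose `pla.getProOrderNo()` is empty no longer gets a new param once `list` is non-empty, so the else path (outside this hunk) must handle a record with no production order number. If that path relies on `checkOrder(list, pla.getProOrderNo())` returning an entry, it may now receive null; this is inferred and needs confirming against the full method. `pla` is also dereferenced here and on the `selectByMaktx` line without checking the result of `selectByBatchAndPackageNo`; I would add `if (pla == null) { throw new CoolException("pla record not found"); }` straight after the lookup. The condition deserves a one-line comment saying which case each operand covers.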
@@ -624,12 +624,11 @@
doHttpRequest(param, "鍏ュ簱鍗曚笂鎶�", url, orderReportPath, null, "127.0.0.1");
}
-
return 200;
-
//return doHttpRequest(list, "鍏ュ簱鍗曚笂鎶�", url, orderReportPath, null, "127.0.0.1");
-
}
+
+
@Override
public List<Order> selectOrderInformation(Map<String, String> param) {
@@ -690,6 +689,7 @@
boolean success = false;
try {
+ log.info("璇锋眰鍙傛暟锛歿}", requestParam);
response = new HttpHandler.Builder()
.setUri(url)
.setPath(path)
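Review bot: The added `log.info` writes the complete `requestParam` to the application log on every call. Judging by the earlier hunk, the payload carries at least the operator name and order details, so it ends up in whatever log store and retention the service uses. I would lower it to `log.debug` or log only the identifying fields (document type, order number), and apply the same to the existing response log that follows the request. The enclosing method starts outside the hunk.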
@@ -697,19 +697,15 @@
.build()
.doPost();
log.info("鍏ュ簱鍗曚笂鎶ヨ姹傝繑鍥炴姤鏂囷細{}", response);
- response = response.replace("\\", "");
- response = response.substring(1, response.length() - 1);
JSONObject jsonObject = JSON.parseObject(response);
- JSONArray jsonArray = (JSONArray) jsonObject.get("");
- JSONObject jsonResult = (JSONObject) jsonArray.get(0);
- if (Cools.isEmpty(jsonResult.get("ErrorCode"))) {
- throw new CoolException(jsonResult.get("ErrorMsg").toString());
+ if (Cools.isEmpty(jsonObject.get("ErrorCode"))) {
+ throw new CoolException(jsonObject.get("ErrorMsg").toString());
}
- int code = Integer.parseInt(jsonResult.get("ErrorCode").toString());
- if (code != 1) {
- throw new CoolException(jsonResult.get("ErrorMsg").toString());
+ int code = Integer.parseInt(jsonObject.get("ErrorCode").toString());
+ if (code == 0) {
+ throw new CoolException(jsonObject.get("ErrorMsg").toString());
}
success = true;
return code;
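Review bot: The new check `if (code == 0)` treats every non-zero `ErrorCode` as success, where the removed code accepted only `1`. Unless the remote interface is known to return nothing but 0 or 1, an unexpected or negative code now reports the order as uploaded. The response is also trusted structurally: `JSON.parseObject` can return null for an empty body, `jsonObject.get("ErrorMsg").toString()` throws a NullPointerException when the message is absent (most likely in the very branch where `ErrorCode` is missing), and `Integer.parseInt` throws on a non-numeric code. I would accept only the documented success value and build the error text null-safely, as sketched below; the success value `1` is taken from the removed lines and should be confirmed against the interface specification. The surrounding `try` and the method itself start and end outside the hunk.

```java
// … unchanged: HttpHandler request and response logging …
JSONObject jsonObject = JSON.parseObject(response);
if (jsonObject == null) {
    throw new CoolException("empty or non-object response");
}
Integer code = jsonObject.getInteger("ErrorCode");
// accept only the documented success value; anything else fails closed
if (code == null || code != 1) {
    throw new CoolException(String.valueOf(jsonObject.get("ErrorMsg")));
}
success = true;
return code;
```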
--
Gitblit v1.9.1