From af8f87298fc611ac371216e278a18abac6ca0766 Mon Sep 17 00:00:00 2001
From: ZY <zc857179121@qq.com>
Date: 星期一, 28 十月 2024 12:11:50 +0800
Subject: [PATCH] sql注入漏洞
---
src/main/java/com/zy/asrs/controller/AgvWrkMastController.java | 25 +++++++++++++++++++++++++
1 files changed, 25 insertions(+), 0 deletions(-)
diff --git a/src/main/java/com/zy/asrs/controller/AgvWrkMastController.java b/src/main/java/com/zy/asrs/controller/AgvWrkMastController.java
index 58aa710..b6e2b87 100644
--- a/src/main/java/com/zy/asrs/controller/AgvWrkMastController.java
+++ b/src/main/java/com/zy/asrs/controller/AgvWrkMastController.java
@@ -54,6 +54,31 @@
}else {
wrapper.orderBy("io_time", false);
}
+ Page<AgvWrkMast> agvWrkMastPage = agvWrkMastService.selectPage(new Page<>(curr, limit), wrapper);
+ return R.ok(agvWrkMastPage);
+ }
+
+ @RequestMapping(value = "/wrkMast/list/auth/dbList")
+ @ManagerAuth
+ public R dbList(@RequestParam(defaultValue = "1")Integer curr,
+ @RequestParam(defaultValue = "10")Integer limit,
+ @RequestParam(required = false)String orderByField,
+ @RequestParam(required = false)String orderByType,
+ @RequestParam(required = false)String condition,
+ @RequestParam Map<String, Object> param){
+ excludeTrash(param);
+ EntityWrapper<AgvWrkMast> wrapper = new EntityWrapper<>();
+ convert(param, wrapper);
+ allLike(AgvWrkMast.class, param.keySet(), wrapper, condition);
+ if (!Cools.isEmpty(orderByField)){
+ if (orderByField.endsWith("$")){
+ orderByField = orderByField.substring(0, orderByField.length()-1);
+ }
+ wrapper.orderBy(humpToLine(orderByField), "asc".equals(orderByType));
+ }else {
+ wrapper.orderBy("io_time", false);
+ }
+ wrapper.in("io_type",108,111,112);
return R.ok(agvWrkMastService.selectPage(new Page<>(curr, limit), wrapper));
}
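Review bot: In the new `dbList` handler the request parameter `orderByField` reaches `wrapper.orderBy(humpToLine(orderByField), ...)` after nothing more than stripping a trailing `$`. An ORDER BY column is spliced into the SQL text rather than bound as a parameter, so unless `humpToLine` (not shown here) rejects non-identifier characters, this endpoint repeats the injection pattern the commit title refers to. I would gate the branch on an identifier check so that anything else falls through to the `io_time` default: `if (!Cools.isEmpty(orderByField) && orderByField.matches("[A-Za-z0-9_]+\\$?")){`. Better still, compare against the known `AgvWrkMast` field names. The context lines at the top of the hunk suggest the preceding handler, whose body starts outside the hunk, has the same ordering code and needs the same guard. Separately, `convert(param, wrapper)` and `allLike(..., param.keySet(), ...)` receive the raw request map, and it is worth confirming that those helpers never use its keys as column names without validation.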
--
Gitblit v1.9.1