From af8f87298fc611ac371216e278a18abac6ca0766 Mon Sep 17 00:00:00 2001
From: ZY <zc857179121@qq.com>
Date: 星期一, 28 十月 2024 12:11:50 +0800
Subject: [PATCH] sql注入漏洞
---
src/main/java/com/zy/asrs/controller/OrderController.java | 170 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 files changed, 162 insertions(+), 8 deletions(-)
diff --git a/src/main/java/com/zy/asrs/controller/OrderController.java b/src/main/java/com/zy/asrs/controller/OrderController.java
index 4ff89c0..adfbd0d 100644
--- a/src/main/java/com/zy/asrs/controller/OrderController.java
+++ b/src/main/java/com/zy/asrs/controller/OrderController.java
@@ -8,11 +8,13 @@
import com.core.common.*;
import com.core.exception.CoolException;
import com.zy.asrs.entity.*;
+import com.zy.asrs.entity.param.AgvMobileStartPakin;
import com.zy.asrs.entity.param.OrderDomainParam;
import com.zy.asrs.entity.result.WrkTraceVo;
import com.zy.asrs.service.*;
import com.zy.common.model.DetlDto;
import com.zy.common.web.BaseController;
+import lombok.Synchronized;
import lombok.extern.slf4j.Slf4j;
import org.apache.poi.hssf.usermodel.HSSFWorkbook;
import org.apache.poi.ss.usermodel.DataFormatter;
@@ -54,6 +56,48 @@
private MatService matService;
@Autowired
private AgvLocDetlService agvLocDetlService;
+
+ @GetMapping("/doc/type/list")
+ @Transactional
+ @ManagerAuth(memo = "鍏ュ簱鍗曟嵁绫诲瀷")
+ @Synchronized
+ public R docTypeList(){
+ List<DocType> result = new ArrayList<>();
+ List<DocType> pakins = docTypeService.selectList(new EntityWrapper<DocType>().eq("pakin", 1));
+ List<Long> unDocIds = new ArrayList<>();
+ unDocIds.add(19L);
+ unDocIds.add(30L);
+ unDocIds.add(32L);
+ unDocIds.add(36L);
+ for (DocType pakin : pakins) {
+ if (!unDocIds.contains(pakin.getDocId())) {
+ result.add(pakin);
+ }
+ }
+ return R.ok().add(result);
+ }
+
+ @GetMapping("/doc/type/out/list")
+ @Transactional
+ @ManagerAuth(memo = "鍑哄簱鍗曟嵁绫诲瀷")
+ @Synchronized
+ public R docTypeOutList(){
+ List<DocType> result = new ArrayList<>();
+ List<DocType> pakins = docTypeService.selectList(new EntityWrapper<DocType>().eq("pakout", 1));
+ List<Long> unDocIds = new ArrayList<>();
+ unDocIds.add(18L);
+ unDocIds.add(31L);
+ unDocIds.add(33L);
+ unDocIds.add(34L);
+ unDocIds.add(35L);
+ unDocIds.add(37L);
+ for (DocType pakin : pakins) {
+ if (!unDocIds.contains(pakin.getDocId())) {
+ result.add(pakin);
+ }
+ }
+ return R.ok().add(result);
+ }
@RequestMapping(value = "/order/nav/list/auth")
@ManagerAuth
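Review bot: `@Synchronized` on docTypeList and docTypeOutList serialises every request to these two read-only endpoints on the controller instance's lock, and neither body touches shared mutable state that would need it; the same goes for `@Transactional` around a single select. The excluded ids are built one `add` at a time; `List<Long> unDocIds = Arrays.asList(19L, 30L, 32L, 36L);` reads better, and since orderDetlsIn later in this commit repeats the identical pakin list, a `static final` constant shared by both would keep them from drifting. The two methods differ only in the column name and the excluded ids and could delegate to one private helper.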
@@ -166,6 +210,68 @@
// return R.ok(orderDetlService.selectPage(new Page<>(curr, limit), wrapper));
}
+ @RequestMapping(value = "/order/detls/pakin")
+ @ManagerAuth
+ public R orderDetlsIn(@RequestParam(defaultValue = "1")Integer curr,
+ @RequestParam(defaultValue = "100")Integer limit,
+ @RequestParam(required = false)String orderByField,
+ @RequestParam(required = false)String orderByType,
+ @RequestParam(required = false)Long docType,
+ @RequestParam Map<String, Object> param){
+ EntityWrapper<OrderDetl> wrapper = new EntityWrapper<>();
+ param.remove("docType");
+ excludeTrash(param);
+ convert(param, wrapper);
+// return R.ok(orderDetlService.getPakoutPage(toPage(curr, limit, param, OrderDetl.class)));
+ List<DocType> pakins = docTypeService.selectList(new EntityWrapper<DocType>().eq("pakin", 1));
+ List<Long> docIds = new ArrayList<>();
+ List<Long> unDocIds = new ArrayList<>();
+ unDocIds.add(19L);
+ unDocIds.add(30L);
+ unDocIds.add(32L);
+ unDocIds.add(36L);
+ for (DocType pakin : pakins) {
+ if (!unDocIds.contains(pakin.getDocId())) {
+ docIds.add(pakin.getDocId());
+ }
+ }
+
+ if (docIds.size() > 0) {
+ if (docType > 0) {
+ wrapper.in("source",docType);
+ } else {
+ wrapper.in("source",docIds);
+ }
+
+ } else {
+ wrapper.in("source",0);
+ }
+
+ return R.ok(orderDetlService.selectPage(new Page<>(curr, limit), wrapper));
+ }
+
+ @RequestMapping(value = "/order/wait/detls/pakin/page/auth")
+ @ManagerAuth
+ public R waitOrderDetls(@RequestParam(defaultValue = "1")Integer curr,
+ @RequestParam(defaultValue = "100")Integer limit,
+ @RequestParam(required = false)String orderByField,
+ @RequestParam(required = false)String orderByType,
+ @RequestParam Map<String, Object> param){
+ EntityWrapper<OrderDetl> wrapper = new EntityWrapper<>();
+ excludeTrash(param);
+ convert(param, wrapper);
+// return R.ok(orderDetlService.getPakoutPage(toPage(curr, limit, param, OrderDetl.class)));
+ List<DocType> pakins = docTypeService.selectList(new EntityWrapper<DocType>().eq("pakin", 1));
+ List<Long> docIds = new ArrayList<>();
+ for (DocType pakin : pakins) {
+ if (pakin.getDocId() == 36) {
+ docIds.add(pakin.getDocId());
+ }
+ }
+ wrapper.in("source",docIds);
+ return R.ok(orderDetlService.selectPage(new Page<>(curr, limit), wrapper));
+ }
+
// 鎵�鏈夊叆搴撹鍗曟槑缁�
@RequestMapping(value = "/order/bcp/detls/pakin/page/auth")
@ManagerAuth
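Review bot: `docType` is declared `required = false`, so `if (docType > 0)` in orderDetlsIn unboxes null and throws NullPointerException whenever the request omits it; guard it as `if (docType != null && docType > 0) {`. In waitOrderDetls the `docIds` passed to `wrapper.in("source", docIds)` is empty whenever no pakin doc type has id 36, a case orderDetlsIn covers with `wrapper.in("source", 0)` but this method does not; depending on how EntityWrapper.in treats an empty collection that is either invalid SQL or a silently unfiltered query, and backStocksOrderDetls in the next hunk has the same gap. The pakin exclusion list (19, 30, 32, 36) duplicates the one in docTypeList earlier in this commit and belongs in one shared constant. `orderByField` and `orderByType` are accepted by all three new methods but never referenced in their bodies.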
@@ -211,6 +317,32 @@
Page<OrderDetl> page = orderDetlService.selectPage(new Page<>(curr, limit), wrapper);
for (OrderDetl record : page.getRecords()) {
Double sumAnfme = agvLocDetlService.getSumAnfmeDb(record.getMatnr(), record.getThreeCode(),1);
+ record.setStock(sumAnfme == null ? 0 : sumAnfme);
+ }
+ return R.ok(page);
+ }
+ @RequestMapping(value = "/order/backStocks/detls/pakin/page/auth")
+ @ManagerAuth
+ public R backStocksOrderDetls(@RequestParam(defaultValue = "1")Integer curr,
+ @RequestParam(defaultValue = "100")Integer limit,
+ @RequestParam(required = false)String orderByField,
+ @RequestParam(required = false)String orderByType,
+ @RequestParam Map<String, Object> param){
+ EntityWrapper<OrderDetl> wrapper = new EntityWrapper<>();
+ excludeTrash(param);
+ convert(param, wrapper);
+// return R.ok(orderDetlService.getPakoutPage(toPage(curr, limit, param, OrderDetl.class)));
+ List<DocType> pakins = docTypeService.selectList(new EntityWrapper<DocType>().eq("pakout", 1));
+ List<Long> docIds = new ArrayList<>();
+ for (DocType pakin : pakins) {
+ if (pakin.getDocId() == 36) {
+ docIds.add(pakin.getDocId());
+ }
+ }
+ wrapper.in("source",docIds);
+ Page<OrderDetl> page = orderDetlService.selectPage(new Page<>(curr, limit), wrapper);
+ for (OrderDetl record : page.getRecords()) {
+ Double sumAnfme = agvLocDetlService.getSumAnfmeback(record.getMatnr(), record.getThreeCode(),1);
record.setStock(sumAnfme == null ? 0 : sumAnfme);
}
return R.ok(page);
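Review bot: backStocksOrderDetls is mapped under `/order/backStocks/detls/pakin/page/auth` but filters doc types with `eq("pakout", 1)`, the opposite of waitOrderDetls directly above it; one of the two looks like a copy-paste slip, and a comment stating which direction is intended would settle it. The loop over every pakout doc type only establishes whether id 36 is among them, so `docIds` is either `[36]` or empty, and the empty case reaches `wrapper.in("source", docIds)` unguarded while orderDetlsIn handles it explicitly. The method the hunk's first lines belong to starts outside the hunk.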
@@ -451,6 +583,7 @@
@Transactional
public R formModify(@RequestBody OrderDomainParam param){
Order order = orderService.selectById(param.getOrderId());
+ int docType = param.getDocType().intValue();
if (order == null || order.getStatus() == 0) {
return R.error("璁㈠崟涓嶅瓨鍦�");
}
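Review bot: `int docType = param.getDocType().intValue();` runs before any validation and throws NullPointerException when the request body carries no docType, which the later hunks of this commit rely on for `orderDetl.setSource(docType)`. Move the unboxing below the `order == null` check and reject the missing value explicitly, e.g. `if (param.getDocType() == null) { return R.error("<docType-required message>"); }` followed by `int docType = param.getDocType().intValue();`. formModify's body continues outside the hunk.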
@@ -474,7 +607,7 @@
// 2.閲嶇粍鏁版嵁
List<DetlDto> list = new ArrayList<>();
for (OrderDetl orderDetl : param.getOrderDetlList()) {
- DetlDto dto = new DetlDto(orderDetl.getMatnr(), orderDetl.getBatch());
+ DetlDto dto = new DetlDto(orderDetl.getMatnr(), orderDetl.getAnfme(), orderDetl.getProcessSts());
if (DetlDto.has(list, dto)) {
OrderDetl item = orderDetlService.selectItem(order.getId(), orderDetl.getMatnr(), orderDetl.getBatch(),orderDetl.getThreeCode(),orderDetl.getDeadTime());
item.setAnfme(item.getAnfme() + orderDetl.getAnfme());
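Review bot: The DetlDto key changes from (matnr, batch) to (matnr, anfme, processSts), yet the merge branch on the next line still looks the existing detail up by batch through selectItem; if DetlDto.has compares the fields given to the constructor, two rows with the same matnr and batch but different quantities are now treated as distinct, while rows with different batches and equal quantities collapse into one. If that is intended, a comment above the line saying why batch left the duplicate key would help; otherwise batch should stay part of it. The enclosing loop and formModify continue outside the hunk.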
@@ -482,9 +615,20 @@
throw new CoolException("淇濆瓨璁㈠崟鏄庣粏妗eけ璐�");
}
} else {
+ if (docType == 35 && orderDetl.getProcessSts() == 1) {
+ List<AgvLocDetl> agvLocDetls = agvLocDetlService.selectList(new EntityWrapper<AgvLocDetl>()
+ .eq("matnr", orderDetl.getMatnr())
+ .eq("order_no", orderDetl.getOrderNo())
+ .eq("process_sts", 3));
+ for (AgvLocDetl agvLocDetl : agvLocDetls) {
+ agvLocDetl.setProcessSts(1);
+ agvLocDetlService.updateById(agvLocDetl);
+ }
+ }
list.add(dto);
orderDetl.setOrderId(order.getId());
orderDetl.setOrderNo(order.getOrderNo());
+ orderDetl.setSource(docType);
orderDetl.setCreateBy(getUserId());
orderDetl.setCreateTime(now);
orderDetl.setUpdateBy(getUserId());
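Review bot: `orderDetl.getProcessSts() == 1` unboxes the value, so if processSts is a boxed Integer the request may omit, every docType-35 order with a missing value throws NullPointerException here; `Integer.valueOf(1).equals(orderDetl.getProcessSts())` is null-safe. The loop then issues one updateById per matching AgvLocDetl, which a single conditional update over the same `matnr`/`order_no`/`process_sts` criteria would replace with one statement. The literals 35, 3 and 1 are undocumented; a comment naming which doc type 35 is and what process_sts values 3 and 1 mean would make the branch readable, with the exact meaning confirmed against the status definitions. formModify continues outside the hunk.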
@@ -753,18 +897,18 @@
proSts = 3;
}
-
+ String odNo = uuid;
if(docType.getPakin() == 1){
- uuid += "_I";
+ odNo += "_I";
}else {
- uuid += "_O";
+ odNo += "_O";
}
- Order order = orderService.selectByNo(uuid);
+ Order order = orderService.selectByNo(odNo);
if (null == order) {
order = new Order(
String.valueOf(snowflakeIdWorker.nextId()), // 缂栧彿[闈炵┖]
- uuid, // 璁㈠崟缂栧彿
+ odNo, // 璁㈠崟缂栧彿
null, // 鍗曟嵁鏃ユ湡
docType.getDocId(), // 鍗曟嵁绫诲瀷
null, // 椤圭洰缂栧彿
@@ -802,6 +946,11 @@
throw new CoolException("鐢熸垚鍗曟嵁涓绘。澶辫触锛岃閲嶆柊瀵煎叆锛�");
}
}else {
+ // 鏈夊師璁㈠崟鍦ㄧ殑鎯呭喌
+ DocType orderType = docTypeService.selectById(order.getDocType());
+ if (!orderType.getDocName().equals(docName)) {
+ throw new CoolException("鏂拌鍗曪細" + uuid + " 涓庣郴缁熷唴鐨勮鍗曞彿鐩稿悓锛屽崟鎹被鍨嬩笉鍚屻�傝纭鏂拌鍗曞崟鎹被鍨嬶紒");
+ }
order.setSettle(order.getSettle() == 1L ? 1L : 2L );
orderService.updateById(order);
}
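Review bot: `orderType.getDocName().equals(docName)` throws NullPointerException if selectById returns null (the existing order points at a doc type id that no longer exists) or if that doc type has no name; guard it as `if (orderType == null || !docName.equals(orderType.getDocName())) {`, assuming docName is non-null at this point, which the hunk does not show. The enclosing method continues outside the hunk.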
@@ -828,13 +977,16 @@
throw new CoolException("鐢熸垚鍗曟嵁鏄庣粏澶辫触锛岃閲嶆柊瀵煎叆锛�");
}
} else {
+ if (anfme < 0) {
+ throw new CoolException("璁㈠崟鏁伴噺涓嶅厑璁镐负璐熸暟锛�");
+ }
if(!orderDetlService.increaseAnfme(order.getId(), matnr, null, anfme,csocode,isocode)) {
throw new CoolException("鐢熸垚鍗曟嵁鏄庣粏澶辫触锛岃閲嶆柊瀵煎叆锛�");
}
}
// 鐢熸垚璋冩嫧鍗�
if (docType.getDocId().intValue() == 32) {
- String dbUuid = "DB" + uuid;
+ String dbUuid = "DB" + odNo;
Order order2 = orderService.selectByNo(dbUuid);
if (null == order2) {
order2 = new Order(
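Review bot: The new `anfme < 0` check only guards the increaseAnfme branch; the insert branch above it (mostly outside the hunk) appears to have no equivalent check, so a negative quantity on a detail line that does not yet exist would still be written. Validating anfme once where it is read from the import row would cover both paths with a single check. The enclosing method continues outside the hunk.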
@@ -898,6 +1050,7 @@
orderDetl2.setDeadTime(isocode);
orderDetl2.setStatus(1);
orderDetl2.setQty(0.0D);
+ orderDetl2.setProcessSts(proSts);
if (!orderDetlService.insert(orderDetl2)) {
throw new CoolException("鐢熸垚鍗曟嵁鏄庣粏澶辫触锛岃閲嶆柊瀵煎叆锛�");
}
@@ -911,7 +1064,7 @@
// 宸ュ簭涓�1锛氬緟鍔犲伐 鐢熸垚鍔犲伐鍗�
if (proSts == 1) {
if (docType.getDocId().intValue() == 32) {
- String dbUuid = "JG" + uuid;
+ String dbUuid = "JG" + odNo;
Order order3 = orderService.selectByNo(dbUuid);
if (null == order3) {
order3 = new Order(
@@ -975,6 +1128,7 @@
orderDetl3.setDeadTime(isocode);
orderDetl3.setStatus(1);
orderDetl3.setQty(0.0D);
+ orderDetl3.setProcessSts(proSts);
if (!orderDetlService.insert(orderDetl3)) {
throw new CoolException("鐢熸垚鍗曟嵁鏄庣粏澶辫触锛岃閲嶆柊瀵煎叆锛�");
}
--
Gitblit v1.9.1