From af8f87298fc611ac371216e278a18abac6ca0766 Mon Sep 17 00:00:00 2001
From: ZY <zc857179121@qq.com>
Date: 星期一, 28 十月 2024 12:11:50 +0800
Subject: [PATCH] sql注入漏洞
---
src/main/java/com/zy/asrs/controller/OrderController.java | 61 +++++++++++++++++++++++++-----
1 files changed, 51 insertions(+), 10 deletions(-)
diff --git a/src/main/java/com/zy/asrs/controller/OrderController.java b/src/main/java/com/zy/asrs/controller/OrderController.java
index a19d45a..adfbd0d 100644
--- a/src/main/java/com/zy/asrs/controller/OrderController.java
+++ b/src/main/java/com/zy/asrs/controller/OrderController.java
@@ -59,7 +59,7 @@
@GetMapping("/doc/type/list")
@Transactional
- @ManagerAuth(memo = "鍗曟嵁绫诲瀷")
+ @ManagerAuth(memo = "鍏ュ簱鍗曟嵁绫诲瀷")
@Synchronized
public R docTypeList(){
List<DocType> result = new ArrayList<>();
@@ -69,6 +69,28 @@
unDocIds.add(30L);
unDocIds.add(32L);
unDocIds.add(36L);
+ for (DocType pakin : pakins) {
+ if (!unDocIds.contains(pakin.getDocId())) {
+ result.add(pakin);
+ }
+ }
+ return R.ok().add(result);
+ }
+
+ @GetMapping("/doc/type/out/list")
+ @Transactional
+ @ManagerAuth(memo = "鍑哄簱鍗曟嵁绫诲瀷")
+ @Synchronized
+ public R docTypeOutList(){
+ List<DocType> result = new ArrayList<>();
+ List<DocType> pakins = docTypeService.selectList(new EntityWrapper<DocType>().eq("pakout", 1));
+ List<Long> unDocIds = new ArrayList<>();
+ unDocIds.add(18L);
+ unDocIds.add(31L);
+ unDocIds.add(33L);
+ unDocIds.add(34L);
+ unDocIds.add(35L);
+ unDocIds.add(37L);
for (DocType pakin : pakins) {
if (!unDocIds.contains(pakin.getDocId())) {
result.add(pakin);
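Review bot: docTypeOutList repeats the body of docTypeList line for line, differing only in the filter column (`pakout`) and the six hard-coded ids added at L40–L45, and neither handler says why those ids are hidden; the exclusion list is also a `List<Long>`, so every `contains` in the loop is a linear scan. Both endpoints could call one private helper that takes the flag column and a `Set<Long>` of hidden ids, with the ids kept as named constants carrying a one-line comment on where they come from. The rewritten handler and helper are sketched below; docTypeList would shrink to the same single return. The loop's closing braces and the return statement of docTypeOutList lie past the end of the hunk.
```java
@GetMapping("/doc/type/out/list")
// … unchanged: @Transactional / @ManagerAuth / @Synchronized …
public R docTypeOutList() {
    return R.ok().add(visibleDocTypes("pakout", OUT_HIDDEN_DOC_IDS));
}

// doc ids hidden from the out-list picker; values copied from the handler's original unDocIds
private static final Set<Long> OUT_HIDDEN_DOC_IDS =
        new HashSet<>(Arrays.asList(18L, 31L, 33L, 34L, 35L, 37L));

/** Doc types with {@code flagColumn} = 1 whose id is not in {@code hiddenIds}. */
private List<DocType> visibleDocTypes(String flagColumn, Set<Long> hiddenIds) {
    List<DocType> result = new ArrayList<>();
    for (DocType docType : docTypeService.selectList(new EntityWrapper<DocType>().eq(flagColumn, 1))) {
        if (!hiddenIds.contains(docType.getDocId())) {
            result.add(docType);
        }
    }
    return result;
}
```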
@@ -561,6 +583,7 @@
@Transactional
public R formModify(@RequestBody OrderDomainParam param){
Order order = orderService.selectById(param.getOrderId());
+ int docType = param.getDocType().intValue();
if (order == null || order.getStatus() == 0) {
return R.error("璁㈠崟涓嶅瓨鍦�");
}
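Review bot: The new `int docType = param.getDocType().intValue();` at L53 unboxes a request-body field before any validation runs, so a body without `docType` now fails with a NullPointerException instead of the `R.error` path the method uses for a missing order on the next line. Guard it before unboxing, e.g. `if (param.getDocType() == null) { return R.error("docType is required"); }` placed ahead of L53 (message text is a placeholder), or move the unboxing below the existing `order == null` check and add the null guard there. formModify continues past the end of the hunk.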
@@ -584,7 +607,7 @@
// 2.閲嶇粍鏁版嵁
List<DetlDto> list = new ArrayList<>();
for (OrderDetl orderDetl : param.getOrderDetlList()) {
- DetlDto dto = new DetlDto(orderDetl.getMatnr(), orderDetl.getBatch());
+ DetlDto dto = new DetlDto(orderDetl.getMatnr(), orderDetl.getAnfme(), orderDetl.getProcessSts());
if (DetlDto.has(list, dto)) {
OrderDetl item = orderDetlService.selectItem(order.getId(), orderDetl.getMatnr(), orderDetl.getBatch(),orderDetl.getThreeCode(),orderDetl.getDeadTime());
item.setAnfme(item.getAnfme() + orderDetl.getAnfme());
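Review bot: The rewritten `DetlDto` at L62 is now built from matnr, anfme and processSts, while the merge branch directly below still locates the existing row by matnr, batch, threeCode and deadTime (L64); if `DetlDto.has` compares the constructor fields, two lines that differ only in batch are now treated as one detail, and lines with the same matnr but different quantities are no longer merged, which looks unintended. I cannot see the DetlDto constructors from this hunk, so if the three-argument overload deliberately leaves batch out of the identity, a comment on L62 should say so, e.g. `// dedup key is matnr + anfme + processSts; batch is intentionally not part of it`; otherwise batch should stay in the key. formModify starts and ends outside the hunk.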
@@ -592,10 +615,20 @@
throw new CoolException("淇濆瓨璁㈠崟鏄庣粏妗eけ璐�");
}
} else {
+ if (docType == 35 && orderDetl.getProcessSts() == 1) {
+ List<AgvLocDetl> agvLocDetls = agvLocDetlService.selectList(new EntityWrapper<AgvLocDetl>()
+ .eq("matnr", orderDetl.getMatnr())
+ .eq("order_no", orderDetl.getOrderNo())
+ .eq("process_sts", 3));
+ for (AgvLocDetl agvLocDetl : agvLocDetls) {
+ agvLocDetl.setProcessSts(1);
+ agvLocDetlService.updateById(agvLocDetl);
+ }
+ }
list.add(dto);
orderDetl.setOrderId(order.getId());
orderDetl.setOrderNo(order.getOrderNo());
- orderDetl.setSource(param.getDocType().intValue());
+ orderDetl.setSource(docType);
orderDetl.setCreateBy(getUserId());
orderDetl.setCreateTime(now);
orderDetl.setUpdateBy(getUserId());
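Review bot: The AgvLocDetl query at L73 filters by `orderDetl.getOrderNo()`, a value taken from the request body, although the detail is bound to the loaded order only afterwards at L82 (`orderDetl.setOrderNo(order.getOrderNo())`); the rows whose `process_sts` is reset from 3 to 1 are therefore selected by a client-supplied order number rather than the order being modified. Use the server-side value, `.eq("order_no", order.getOrderNo())`. At L70, `orderDetl.getProcessSts() == 1` will also throw if `getProcessSts` returns a boxed Integer and the field is absent from the body, and the literal `35` is the same id that docTypeOutList hides at L44, so a named constant would tie the two together. formModify starts and ends outside the hunk.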
@@ -864,18 +897,18 @@
proSts = 3;
}
-
+ String odNo = uuid;
if(docType.getPakin() == 1){
- uuid += "_I";
+ odNo += "_I";
}else {
- uuid += "_O";
+ odNo += "_O";
}
- Order order = orderService.selectByNo(uuid);
+ Order order = orderService.selectByNo(odNo);
if (null == order) {
order = new Order(
String.valueOf(snowflakeIdWorker.nextId()), // 缂栧彿[闈炵┖]
- uuid, // 璁㈠崟缂栧彿
+ odNo, // 璁㈠崟缂栧彿
null, // 鍗曟嵁鏃ユ湡
docType.getDocId(), // 鍗曟嵁绫诲瀷
null, // 椤圭洰缂栧彿
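Review bot: `String odNo = uuid;` at L92 followed by the two-branch append at L93–L99 reads as three statements for one value; a single expression states the intent directly, `String odNo = uuid + (docType.getPakin() == 1 ? "_I" : "_O");`, and leaves `uuid` visibly untouched, which is the point of this change. The enclosing method starts and ends outside the hunk.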
@@ -913,6 +946,11 @@
throw new CoolException("鐢熸垚鍗曟嵁涓绘。澶辫触锛岃閲嶆柊瀵煎叆锛�");
}
}else {
+ // 鏈夊師璁㈠崟鍦ㄧ殑鎯呭喌
+ DocType orderType = docTypeService.selectById(order.getDocType());
+ if (!orderType.getDocName().equals(docName)) {
+ throw new CoolException("鏂拌鍗曪細" + uuid + " 涓庣郴缁熷唴鐨勮鍗曞彿鐩稿悓锛屽崟鎹被鍨嬩笉鍚屻�傝纭鏂拌鍗曞崟鎹被鍨嬶紒");
+ }
order.setSettle(order.getSettle() == 1L ? 1L : 2L );
orderService.updateById(order);
}
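Review bot: `docTypeService.selectById(order.getDocType())` at L115 is dereferenced at L116 with no null check, so an existing order whose doc type id no longer resolves produces a NullPointerException instead of the CoolException this branch intends; change the condition to `if (orderType == null || !orderType.getDocName().equals(docName)) {`. The message at L117 also reports `uuid`, while the order in hand was matched by the suffixed `odNo` introduced in the previous hunk, so the number shown differs from the one compared. The enclosing method starts and ends outside the hunk.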
@@ -939,13 +977,16 @@
throw new CoolException("鐢熸垚鍗曟嵁鏄庣粏澶辫触锛岃閲嶆柊瀵煎叆锛�");
}
} else {
+ if (anfme < 0) {
+ throw new CoolException("璁㈠崟鏁伴噺涓嶅厑璁镐负璐熸暟锛�");
+ }
if(!orderDetlService.increaseAnfme(order.getId(), matnr, null, anfme,csocode,isocode)) {
throw new CoolException("鐢熸垚鍗曟嵁鏄庣粏澶辫触锛岃閲嶆柊瀵煎叆锛�");
}
}
// 鐢熸垚璋冩嫧鍗�
if (docType.getDocId().intValue() == 32) {
- String dbUuid = "DB" + uuid;
+ String dbUuid = "DB" + odNo;
Order order2 = orderService.selectByNo(dbUuid);
if (null == order2) {
order2 = new Order(
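Review bot: The `anfme < 0` check added at L126 sits in the `else` (increase) branch only; the insert branch that ends at L123 consumes the same `anfme`, so unless it validates the value somewhere outside this hunk a negative quantity can still be written for a new detail row. Hoist the check above the `if`/`else` so both paths are covered. The literal `32` at L134 also appears at L143 in the next hunk; a named constant with a comment on which doc type it denotes would replace both. The enclosing method starts and ends outside the hunk.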
@@ -1023,7 +1064,7 @@
// 宸ュ簭涓�1锛氬緟鍔犲伐 鐢熸垚鍔犲伐鍗�
if (proSts == 1) {
if (docType.getDocId().intValue() == 32) {
- String dbUuid = "JG" + uuid;
+ String dbUuid = "JG" + odNo;
Order order3 = orderService.selectByNo(dbUuid);
if (null == order3) {
order3 = new Order(
--
Gitblit v1.9.1