From af8f87298fc611ac371216e278a18abac6ca0766 Mon Sep 17 00:00:00 2001
From: ZY <zc857179121@qq.com>
Date: 星期一, 28 十月 2024 12:11:50 +0800
Subject: [PATCH] sql注入漏洞
---
src/main/java/com/zy/asrs/controller/OrderController.java | 37 ++++++++++++++++++++++++++++---------
1 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/src/main/java/com/zy/asrs/controller/OrderController.java b/src/main/java/com/zy/asrs/controller/OrderController.java
index abc64da..adfbd0d 100644
--- a/src/main/java/com/zy/asrs/controller/OrderController.java
+++ b/src/main/java/com/zy/asrs/controller/OrderController.java
@@ -583,6 +583,7 @@
@Transactional
public R formModify(@RequestBody OrderDomainParam param){
Order order = orderService.selectById(param.getOrderId());
+ int docType = param.getDocType().intValue();
if (order == null || order.getStatus() == 0) {
return R.error("璁㈠崟涓嶅瓨鍦�");
}
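Review bot: `param.getDocType().intValue()` on the added line unboxes the request's docType before anything in the body is validated, so a request without docType now fails with a NullPointerException instead of reaching the R.error path used one line below for a missing order. The original only unboxed inside the detail loop, so the hoist moves the failure earlier rather than adding a check; guard it with `if (param.getDocType() == null) { return R.error(/* message */); }` placed before the unboxing, or move the assignment below the order null check. formModify continues outside the hunk.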
@@ -606,7 +607,7 @@
// 2.閲嶇粍鏁版嵁
List<DetlDto> list = new ArrayList<>();
for (OrderDetl orderDetl : param.getOrderDetlList()) {
- DetlDto dto = new DetlDto(orderDetl.getMatnr(), orderDetl.getBatch());
+ DetlDto dto = new DetlDto(orderDetl.getMatnr(), orderDetl.getAnfme(), orderDetl.getProcessSts());
if (DetlDto.has(list, dto)) {
OrderDetl item = orderDetlService.selectItem(order.getId(), orderDetl.getMatnr(), orderDetl.getBatch(),orderDetl.getThreeCode(),orderDetl.getDeadTime());
item.setAnfme(item.getAnfme() + orderDetl.getAnfme());
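Review bot: The DetlDto key on the changed line now consists of matnr, anfme and processSts, while the merge branch directly below still resolves the existing row by matnr and batch (the selectItem call on the next line) and adds the quantities; two request rows with the same matnr and batch but different anfme would no longer match `DetlDto.has` and be inserted separately, while rows with different batches but equal quantities would be merged into one. I cannot see DetlDto here, so this is inferred from the constructor arguments; if dropping batch from the dedup key is intended, a one-line comment on the changed line stating that would save the next reader the same question. The for loop and formModify continue outside the hunk.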
@@ -614,10 +615,20 @@
throw new CoolException("淇濆瓨璁㈠崟鏄庣粏妗eけ璐�");
}
} else {
+ if (docType == 35 && orderDetl.getProcessSts() == 1) {
+ List<AgvLocDetl> agvLocDetls = agvLocDetlService.selectList(new EntityWrapper<AgvLocDetl>()
+ .eq("matnr", orderDetl.getMatnr())
+ .eq("order_no", orderDetl.getOrderNo())
+ .eq("process_sts", 3));
+ for (AgvLocDetl agvLocDetl : agvLocDetls) {
+ agvLocDetl.setProcessSts(1);
+ agvLocDetlService.updateById(agvLocDetl);
+ }
+ }
list.add(dto);
orderDetl.setOrderId(order.getId());
orderDetl.setOrderNo(order.getOrderNo());
- orderDetl.setSource(param.getDocType().intValue());
+ orderDetl.setSource(docType);
orderDetl.setCreateBy(getUserId());
orderDetl.setCreateTime(now);
orderDetl.setUpdateBy(getUserId());
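Review bot: The added AgvLocDetl lookup filters `order_no` by `orderDetl.getOrderNo()`, which at that point is still whatever the request body carried — the detail's order number is only set from the loaded order a few lines later (`orderDetl.setOrderNo(order.getOrderNo())`), so a payload with an absent or different orderNo touches the wrong rows or none. Filtering on the persisted order is the safer form: `.eq("order_no", order.getOrderNo())`. The per-row `updateById` result is also ignored, unlike the surrounding saves that throw CoolException on failure (see the throw at the top of this hunk); `if (!agvLocDetlService.updateById(agvLocDetl)) { throw new CoolException(/* message */); }` keeps the @Transactional method from committing a partial update. The loop and formModify continue outside the hunk.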
@@ -886,18 +897,18 @@
proSts = 3;
}
-
+ String odNo = uuid;
if(docType.getPakin() == 1){
- uuid += "_I";
+ odNo += "_I";
}else {
- uuid += "_O";
+ odNo += "_O";
}
- Order order = orderService.selectByNo(uuid);
+ Order order = orderService.selectByNo(odNo);
if (null == order) {
order = new Order(
String.valueOf(snowflakeIdWorker.nextId()), // 缂栧彿[闈炵┖]
- uuid, // 璁㈠崟缂栧彿
+ odNo, // 璁㈠崟缂栧彿
null, // 鍗曟嵁鏃ユ湡
docType.getDocId(), // 鍗曟嵁绫诲瀷
null, // 椤圭洰缂栧彿
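Review bot: Nothing in the hunk records why `uuid` is now left without the `_I`/`_O` suffix and a separate `odNo` carries it, and the later hunks still read `uuid` in one place; a short comment above the new line would capture the intent, e.g. `// odNo = uuid + direction suffix; uuid itself is kept unchanged`. The enclosing method starts and ends outside the hunk, so I cannot confirm what else reads uuid.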
@@ -935,6 +946,11 @@
throw new CoolException("鐢熸垚鍗曟嵁涓绘。澶辫触锛岃閲嶆柊瀵煎叆锛�");
}
}else {
+ // 鏈夊師璁㈠崟鍦ㄧ殑鎯呭喌
+ DocType orderType = docTypeService.selectById(order.getDocType());
+ if (!orderType.getDocName().equals(docName)) {
+ throw new CoolException("鏂拌鍗曪細" + uuid + " 涓庣郴缁熷唴鐨勮鍗曞彿鐩稿悓锛屽崟鎹被鍨嬩笉鍚屻�傝纭鏂拌鍗曞崟鎹被鍨嬶紒");
+ }
order.setSettle(order.getSettle() == 1L ? 1L : 2L );
orderService.updateById(order);
}
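Review bot: `orderType.getDocName()` on the third added line is called without checking that `docTypeService.selectById(order.getDocType())` returned a row, so an order whose doc type id no longer resolves throws a NullPointerException rather than the CoolException the branch intends. The message also reports `uuid`, while the order that collided was looked up by `odNo` (with its `_I`/`_O` suffix) in the hunk above, so the number shown to the user is not the one that matched. A null guard and the matching identifier cover both: `if (orderType == null || !orderType.getDocName().equals(docName)) {` and `odNo` in place of `uuid` in the message. Since `docType` (the resolved DocType for this import) is in scope further down, comparing `order.getDocType()` with `docType.getDocId()` would avoid the extra lookup entirely, provided the two share a type — their declarations are not visible here. The enclosing method continues outside the hunk.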
@@ -961,13 +977,16 @@
throw new CoolException("鐢熸垚鍗曟嵁鏄庣粏澶辫触锛岃閲嶆柊瀵煎叆锛�");
}
} else {
+ if (anfme < 0) {
+ throw new CoolException("璁㈠崟鏁伴噺涓嶅厑璁镐负璐熸暟锛�");
+ }
if(!orderDetlService.increaseAnfme(order.getId(), matnr, null, anfme,csocode,isocode)) {
throw new CoolException("鐢熸垚鍗曟嵁鏄庣粏澶辫触锛岃閲嶆柊瀵煎叆锛�");
}
}
// 鐢熸垚璋冩嫧鍗�
if (docType.getDocId().intValue() == 32) {
- String dbUuid = "DB" + uuid;
+ String dbUuid = "DB" + odNo;
Order order2 = orderService.selectByNo(dbUuid);
if (null == order2) {
order2 = new Order(
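Review bot: The new `anfme < 0` check sits inside the `else` branch only, so it rejects a negative quantity when it would be added to an existing detail but not when the `if` branch (whose head is above the hunk) handles the row — if that branch inserts a new detail, a negative quantity can still enter the order that way. Hoisting the three added lines above the `if` so both paths are covered closes that gap; the message text can stay as written. The enclosing method continues outside the hunk.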
@@ -1045,7 +1064,7 @@
// 宸ュ簭涓�1锛氬緟鍔犲伐 鐢熸垚鍔犲伐鍗�
if (proSts == 1) {
if (docType.getDocId().intValue() == 32) {
- String dbUuid = "JG" + uuid;
+ String dbUuid = "JG" + odNo;
Order order3 = orderService.selectByNo(dbUuid);
if (null == order3) {
order3 = new Order(
--
Gitblit v1.9.1