From af8f87298fc611ac371216e278a18abac6ca0766 Mon Sep 17 00:00:00 2001
From: ZY <zc857179121@qq.com>
Date: 星期一, 28 十月 2024 12:11:50 +0800
Subject: [PATCH] sql注入漏洞
---
src/main/java/com/zy/asrs/service/impl/OpenServiceImpl.java | 103 +++++++++++++++++++++++++++++++++++++++++++++++----
1 files changed, 95 insertions(+), 8 deletions(-)
diff --git a/src/main/java/com/zy/asrs/service/impl/OpenServiceImpl.java b/src/main/java/com/zy/asrs/service/impl/OpenServiceImpl.java
index f92f070..22aaa45 100644
--- a/src/main/java/com/zy/asrs/service/impl/OpenServiceImpl.java
+++ b/src/main/java/com/zy/asrs/service/impl/OpenServiceImpl.java
@@ -16,7 +16,9 @@
import com.zy.asrs.utils.MatUtils;
import com.zy.common.model.DetlDto;
import com.zy.common.utils.NodeUtils;
+import lombok.Synchronized;
import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@@ -59,6 +61,10 @@
private WrkDetlService wrkDetlService;
@Autowired
private ReportQueryMapper reportQueryMapper;
+ @Autowired
+ private AgvLocMastService agvLocMastService;
+ @Autowired
+ private AgvLocDetlService agvLocDetlService;
@Override
@Transactional
@@ -129,6 +135,9 @@
}
OrderDetl orderDetl = new OrderDetl();
orderDetl.sync(mat);
+ if (!Cools.isEmpty(detlDto.getCFree1())){
+ orderDetl.setSpecs(detlDto.getCFree1());
+ }
orderDetl.setBatch(detlDto.getBatch());
orderDetl.setAnfme(detlDto.getAnfme());
orderDetl.setOrderId(order.getId());
@@ -609,7 +618,7 @@
}
Tag tag = tagService.selectByName("鍏ㄩ儴", 1);
- Mat mat = matService.selectByMatnr(param.getCInvCCode());
+ Mat mat = matService.selectByMatnr(param.getCInvCode());
if (Cools.isEmpty(mat)) {
mat = new Mat();
mat.setTagId(tag.getId());
@@ -624,6 +633,7 @@
} else {
mat.setTagId(tag.getId());
syncMat(mat,param);
+ System.out.println(mat.getMaktx().length());
if (matService.updateById(mat)) {
callApiLogSave(mat, "/open/asrs/mat/v1", "鎺ユ敹ERP涓嬪彂鍟嗗搧淇℃伅鎴愬姛锛佹坊鍔犲晢鍝佷俊鎭垚鍔燂紒", true);
} else {
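Review bot: `System.out.println(mat.getMaktx().length());` on the new side reads like a leftover debug print: it writes to stdout rather than the Slf4j logger this file imports (assuming the class carries @Slf4j), and it dereferences getMaktx() with no null check, so a material synced without a name fails here before updateById is reached. Drop the line; if the length is genuinely useful for diagnostics, log it guarded: `log.debug("maktx length={}", mat.getMaktx() == null ? 0 : mat.getMaktx().length());`. The enclosing method starts and ends outside this hunk.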
@@ -636,11 +646,11 @@
private void syncMat(Mat mat, MatSyncParam param){
Date date = new Date();
- mat.setMatnr(param.getCInvCCode());//鐗╂枡缂栫爜
+ mat.setMatnr(param.getCInvCode());//鐗╂枡缂栫爜
mat.setMaktx(param.getCInvName());//鐗╂枡鍚嶇О
mat.setSpecs(param.getCInvStd());//瑙勬牸
mat.setUnit(param.getCComUnitName());
- mat.setBeBatch(param.getBInvBatch());
+ mat.setBeBatch(Cools.eq("true",param.getBInvBatch()) ? 1 : 0);
mat.setStatus(param.getStates());
mat.setCreateBy(9999L);//9999琛ㄧずerp涓嬪彂
@@ -858,9 +868,29 @@
throw new CoolException("鍗曟嵁鍙傛暟涓虹┖鎴栬�呭崟鎹鎯呬负绌猴紝鏃犳硶鐢熸垚鍗曟嵁淇℃伅");
}
+ Order orderOld = null;
+
if(!Cools.isEmpty(orderService.selectByNo(param.getCPOID()))){
- callApiLogSave(param, "/order/pakout/default/v1", "鎺ュ彈鍗曟嵁澶辫触锛岃鍗曟嵁宸插瓨鍦紝鏃犳硶鐢熸垚鍗曟嵁淇℃伅", false);
- throw new CoolException("璇ュ崟鎹凡瀛樺湪锛屾棤娉曠敓鎴愬崟鎹俊鎭�");
+
+ orderOld = orderService.selectByNo(param.getCPOID());
+ if(orderOld.getSettle() > 1){
+ throw new CoolException("璇ュ崟鎹凡鍦ㄤ綔涓氫腑锛屾棤娉曟洿鏀瑰崟鎹俊鎭�");
+ }
+
+// String orderNo = param.getCPOID();
+// if (orderNo.contains("-")){
+// int index = Integer.parseInt(orderNo.split("-")[1]) + 1;
+// orderNo = orderNo.split("-")[0] + "-" + index;
+// param.setcPOID(orderNo);
+// }else {
+// orderNo = orderNo + "-1";
+// param.setcPOID(orderNo);
+// }
+//
+// syncOrder(param,pakin,docName);
+
+ //callApiLogSave(param, "/order/pakout/default/v1", "鎺ュ彈鍗曟嵁澶辫触锛岃鍗曟嵁宸插瓨鍦紝鏃犳硶鐢熸垚鍗曟嵁淇℃伅", false);
+ //throw new CoolException("璇ュ崟鎹凡瀛樺湪锛屾棤娉曠敓鎴愬崟鎹俊鎭�");
}
Date now = new Date();
Order order = orderMapping(param,now,pakin,docName);
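Review bot: `orderService.selectByNo(param.getCPOID())` is executed twice on the new side, once in the kept `if` and again to populate orderOld; the two reads can disagree, and one lookup is enough: `orderOld = orderService.selectByNo(param.getCPOID()); if (!Cools.isEmpty(orderOld)) { if (orderOld.getSettle() > 1) { ... } }`. The order-number renumbering block and the two earlier log/throw statements are kept as commented-out code (the `+//` lines); delete them rather than leaving dead code, since history already preserves them. `orderOld.getSettle() > 1` also unboxes — if settle is a nullable wrapper on Order, a null value throws NullPointerException here; confirm against the entity. The enclosing method begins and ends outside this hunk.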
@@ -869,6 +899,12 @@
OrderDetl orderDetl = orderDetlMapping(order,od,now);
orderDetlService.insert(orderDetl);
});
+
+ if(!Cools.isEmpty(orderOld)){
+ //鍒犻櫎鍘熸湁鍗曟嵁淇℃伅
+ orderService.delete(new EntityWrapper<Order>().eq("id",orderOld.getId()));
+ orderDetlService.delete(new EntityWrapper<OrderDetl>().eq("order_id",orderOld.getId()));
+ }
callApiLogSave(param, "/order/pakout/default/v1", "鎺ュ彈鍗曟嵁鎴愬姛", true);
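Review bot: The old order and its details are deleted only after the replacement order and details have been inserted, so two orders with the same order number coexist for a moment; if order_no has a unique index the insert fails before this block runs, and if it does not, a failure between the inserts and these deletes relies on the surrounding transaction to roll back (the method annotation is outside this hunk — confirm it is @Transactional). Deleting the old rows before the inserts avoids both cases. The overwrite is also invisible in the API log: the last line records the same success message whether an order was created or replaced, so an audit of this endpoint cannot tell the two apart; consider including orderOld.getId() in the message when orderOld is non-null.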
@@ -887,7 +923,50 @@
}
orderService.deleteById(order);
- orderDetlService.delete(new EntityWrapper<OrderDetl>().eq("order_no",orderNo));
+ orderDetlService.delete(new EntityWrapper<OrderDetl>().eq("order_id",order.getId()));
+
+ return true;
+ }
+
+ @Override
+ @Transactional
+ @Synchronized
+ public boolean checkAndAdjustLocDetl(CheckParam params) {
+
+ //鍒ゆ柇搴撲綅鏄惁瀛樺湪
+ AgvLocMast agvLocMast = agvLocMastService.selectById(params.getLocNo());
+ if(Cools.isEmpty(agvLocMast)){
+ throw new CoolException("搴撲綅鍙蜂笉瀛樺湪");
+ }
+
+ if(!Cools.eq("O",agvLocMast.getLocSts()) && !Cools.eq("F",agvLocMast.getLocSts())){
+ throw new CoolException("褰撳墠搴撲綅姝e湪浣滀笟涓紝鏃犳硶鐩樼偣璋冩暣");
+ }
+
+ if(Cools.isEmpty(params.getLocDetls())){
+ agvLocMast.setLocSts("O");
+ }else {
+ agvLocMast.setLocSts("F");
+ }
+
+ agvLocMastService.updateById(agvLocMast);
+
+ //鍒犻櫎鏃у簱瀛�
+ agvLocDetlService.delete(new EntityWrapper<AgvLocDetl>().eq("loc_no",params.getLocNo()));
+
+ //鏂板鐩樼偣搴撳瓨
+ for (DetlDto detlDto : params.getLocDetls()){
+ AgvLocDetl agvLocDetl = new AgvLocDetl();
+ Mat mat = matService.selectByMatnr(detlDto.getMatnr());
+ BeanUtils.copyProperties(mat,agvLocDetl);
+ agvLocDetl.setLocNo(params.getLocNo());
+ agvLocDetl.setSuppCode(params.getContainerCode());
+ agvLocDetl.setAnfme(detlDto.getAnfme());
+ agvLocDetl.setBatch(detlDto.getBatch());
+ agvLocDetl.setThreeCode(detlDto.getCsocode());
+ agvLocDetl.setDeadTime(detlDto.getIsoseq());
+ agvLocDetlService.insert(agvLocDetl);
+ }
return true;
}
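Review bot: In checkAndAdjustLocDetl, `for (DetlDto detlDto : params.getLocDetls())` throws NullPointerException when getLocDetls() is null, a case the `Cools.isEmpty` branch above deliberately accepts by marking the location "O"; the old stock has already been deleted by then, so the outcome depends on the transaction rolling back. `BeanUtils.copyProperties(mat, agvLocDetl)` with a null mat (an unknown matnr) fails with Spring's IllegalArgumentException instead of a CoolException naming the material, and copyProperties copies every same-named property from Mat into AgvLocDetl, so if the two entities share a field such as an id or timestamp the detl row silently inherits the mat's value (confirm against the entities). Note also that `@Synchronized` is a per-JVM lock generated inside the method body, i.e. inside the transaction proxy, so it is released before the transaction commits and does not serialize callers across nodes. The rewritten loop below guards both nulls.
```java
        // … unchanged: location lookup, status check, updateById and delete of old stock …
        if (!Cools.isEmpty(params.getLocDetls())) {
            for (DetlDto detlDto : params.getLocDetls()) {
                Mat mat = matService.selectByMatnr(detlDto.getMatnr());
                if (Cools.isEmpty(mat)) {
                    // [placeholder message: material not found]
                    throw new CoolException("<material not found: " + detlDto.getMatnr() + ">");
                }
                AgvLocDetl agvLocDetl = new AgvLocDetl();
                BeanUtils.copyProperties(mat, agvLocDetl);
                // … unchanged: setLocNo / setSuppCode / setAnfme / setBatch / setThreeCode / setDeadTime …
                agvLocDetlService.insert(agvLocDetl);
            }
        }
        return true;
```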
@@ -904,9 +983,14 @@
//鍗曟嵁鏃ユ湡
order.setOrderTime(param.getDdate());
+ //渚涘簲鍟嗙紪鐮�
+ order.setSalesman(param.getCVenCode());
+
order.setMemo(param.getCMemo());
//鍒跺崟浜�
order.setShipCode(param.getCPersonCode());
+
+ order.setDefNumber(param.get鎿嶄綔绯荤粺鍙�());
order.setCreateTime(now);
order.setUpdateTime(now);
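Review bot: The getter called on the new `order.setDefNumber(...)` line has a non-ASCII name (it renders as mojibake on this page); if the identifier really is non-Latin in the source, give it an ASCII name on the param class and here, since such names break under exactly the kind of encoding mismatch that garbled this patch. On the `setSalesman` line the comment above describes a vendor code while the target field is named salesman — if that is the intended mapping, say so in the comment, otherwise it is easy to misread later. The enclosing method starts and ends outside this hunk.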
@@ -943,12 +1027,15 @@
//鏁伴噺
od.setAnfme(odParam.getIQuantity());
//閿�鍞鍗曞彿
- od.setThreeCode(odParam.getCsocode());
+ od.setThreeCode(odParam.getCDefine22());
//鑷敱椤�
od.setDeadTime(odParam.getBFree1());
//IDs
- od.setSku(odParam.getID());
+ od.setSku(odParam.getId());
+ od.setLength(odParam.getINum());
+
+ od.setSource(order.getDocType().intValue());
od.setStatus(1);
od.setQty(0.0D);
od.setCreateBy(9999L);
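Review bot: `od.setSource(order.getDocType().intValue());` on the new side unboxes getDocType(); the intValue() call shows it is a wrapper type, so if docType can be absent on Order a null value throws NullPointerException while mapping the detail. Guard it, e.g. `if (order.getDocType() != null) { od.setSource(order.getDocType().intValue()); }`, or validate docType once where the order is built. The enclosing method starts and ends outside this hunk.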
--
Gitblit v1.9.1