From af8f87298fc611ac371216e278a18abac6ca0766 Mon Sep 17 00:00:00 2001
From: ZY <zc857179121@qq.com>
Date: 星期一, 28 十月 2024 12:11:50 +0800
Subject: [PATCH] sql注入漏洞
---
src/main/java/com/zy/asrs/service/impl/OpenServiceImpl.java | 259 ++++++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 251 insertions(+), 8 deletions(-)
diff --git a/src/main/java/com/zy/asrs/service/impl/OpenServiceImpl.java b/src/main/java/com/zy/asrs/service/impl/OpenServiceImpl.java
index d882f6a..22aaa45 100644
--- a/src/main/java/com/zy/asrs/service/impl/OpenServiceImpl.java
+++ b/src/main/java/com/zy/asrs/service/impl/OpenServiceImpl.java
@@ -16,7 +16,9 @@
import com.zy.asrs.utils.MatUtils;
import com.zy.common.model.DetlDto;
import com.zy.common.utils.NodeUtils;
+import lombok.Synchronized;
import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@@ -59,6 +61,10 @@
private WrkDetlService wrkDetlService;
@Autowired
private ReportQueryMapper reportQueryMapper;
+ @Autowired
+ private AgvLocMastService agvLocMastService;
+ @Autowired
+ private AgvLocDetlService agvLocDetlService;
@Override
@Transactional
@@ -129,10 +135,14 @@
}
OrderDetl orderDetl = new OrderDetl();
orderDetl.sync(mat);
+ if (!Cools.isEmpty(detlDto.getCFree1())){
+ orderDetl.setSpecs(detlDto.getCFree1());
+ }
orderDetl.setBatch(detlDto.getBatch());
orderDetl.setAnfme(detlDto.getAnfme());
orderDetl.setOrderId(order.getId());
orderDetl.setOrderNo(order.getOrderNo());
+ orderDetl.setSource(docType.getDocId().intValue());
orderDetl.setCreateBy(9527L);
orderDetl.setCreateTime(now);
orderDetl.setUpdateBy(9527L);
@@ -143,6 +153,84 @@
throw new CoolException("鐢熸垚鍗曟嵁鏄庣粏澶辫触锛岃鑱旂郴绠$悊鍛�");
}
}
+// 鐢熸垚璋冩嫧鍗�
+ if (docType.getDocId().intValue() == 32) {
+ order = new Order(
+ String.valueOf(snowflakeIdWorker.nextId()), // 缂栧彿[闈炵┖]
+ "DB" + param.getOrderNo(), // 璁㈠崟缂栧彿
+ DateUtils.convert(now), // 鍗曟嵁鏃ユ湡
+ 33L, // 鍗曟嵁绫诲瀷
+ null, // 椤圭洰缂栧彿
+ null, //
+ null, // 璋冩嫧椤圭洰缂栧彿
+ null, // 鍒濆绁ㄦ嵁鍙�
+ null, // 绁ㄦ嵁鍙�
+ null, // 瀹㈡埛缂栧彿
+ null, // 瀹㈡埛
+ null, // 鑱旂郴鏂瑰紡
+ null, // 鎿嶄綔浜哄憳
+ null, // 鍚堣閲戦
+ null, // 浼樻儬鐜�
+ null, // 浼樻儬閲戦
+ null, // 閿�鍞垨閲囪喘璐圭敤鍚堣
+ null, // 瀹炰粯閲戦
+ null, // 浠樻绫诲瀷
+ null, // 涓氬姟鍛�
+ null, // 缁撶畻澶╂暟
+ null, // 閭垂鏀粯绫诲瀷
+ null, // 閭垂
+ null, // 浠樻鏃堕棿
+ null, // 鍙戣揣鏃堕棿
+ null, // 鐗╂祦鍚嶇О
+ null, // 鐗╂祦鍗曞彿
+ 1L, // 璁㈠崟鐘舵��
+ 1, // 鐘舵��
+ 9527L, // 娣诲姞浜哄憳
+ now, // 娣诲姞鏃堕棿
+ 9527L, // 淇敼浜哄憳
+ now, // 淇敼鏃堕棿
+ null // 澶囨敞
+ );
+ if (!orderService.insert(order)) {
+ throw new CoolException("鐢熸垚鍗婃垚鍝佽皟鎷ㄥ崟澶辫触");
+ }
+ List<DetlDto> dbList = new ArrayList<>();
+ List<DetlDto> dbOrderDetails = param.getOrderDetails();
+ // 鍗曟嵁鏄庣粏妗�
+ for (DetlDto detail : orderDetails) {
+ DetlDto dto = new DetlDto(detail.getMatnr(), detail.getBatch(), detail.getAnfme());
+ if (DetlDto.has(dbList, dto)) {
+ DetlDto detlDto = DetlDto.find(dbList, dto.getMatnr(), dto.getBatch(),dto.getCsocode(),dto.getIsoseq(),null);
+ assert detlDto != null;
+ detlDto.setAnfme(detlDto.getAnfme() + detail.getAnfme());
+ } else {
+ dbList.add(dto);
+ }
+ }
+ for (DetlDto detlDto : dbList) {
+ Mat mat = matService.selectByMatnr(detlDto.getMatnr());
+ if (Cools.isEmpty(mat)) {
+ throw new CoolException(detlDto.getMatnr() + "缂栧彿鍟嗗搧妫�绱㈠け璐ワ紝璇峰厛娣诲姞鍟嗗搧");
+ }
+ OrderDetl orderDetl = new OrderDetl();
+ orderDetl.sync(mat);
+ orderDetl.setBatch(detlDto.getBatch());
+ orderDetl.setAnfme(detlDto.getAnfme());
+ orderDetl.setOrderId(order.getId());
+ orderDetl.setOrderNo(order.getOrderNo());
+ orderDetl.setSource(docType.getDocId().intValue());
+ orderDetl.setCreateBy(9527L);
+ orderDetl.setCreateTime(now);
+ orderDetl.setUpdateBy(9527L);
+ orderDetl.setUpdateTime(now);
+ orderDetl.setStatus(1);
+ orderDetl.setQty(0.0D);
+ if (!orderDetlService.insert(orderDetl)) {
+ throw new CoolException("鐢熸垚鍗婃垚鍝佽皟鎷ㄥ崟鏄庣粏妗eけ璐ワ紝璇疯仈绯荤鐞嗗憳");
+ }
+ }
+ }
+
}
@Override
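Review bot: `assert detlDto != null;` after `DetlDto.find` is a Java assertion, which is inert unless the JVM runs with -ea, so in production a `find` that returns null falls straight into `detlDto.getAnfme()` and surfaces as a NullPointerException rather than a meaningful error; replace it with `if (detlDto == null) { throw new CoolException("..."); }` or merge the `has`/`find` pair into one lookup. `dbOrderDetails` is assigned from `param.getOrderDetails()` but never read — the loop iterates `orderDetails` instead, presumably the same list, so either use it or drop the local. No existence check is visible for the derived number `"DB" + param.getOrderNo()`, so a re-sent payload would presumably either fail on `orderService.insert` or create a second transfer order, depending on the table's constraints. The enclosing method starts before this hunk.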
@@ -268,6 +356,7 @@
orderDetl.setAnfme(detlDto.getAnfme());
orderDetl.setOrderId(order.getId());
orderDetl.setOrderNo(order.getOrderNo());
+ orderDetl.setSource(docType.getDocId().intValue());
orderDetl.setCreateBy(9527L);
orderDetl.setCreateTime(now);
orderDetl.setUpdateBy(9527L);
@@ -276,6 +365,82 @@
orderDetl.setQty(0.0D);
if (!orderDetlService.insert(orderDetl)) {
throw new CoolException("鐢熸垚鍗曟嵁鏄庣粏澶辫触锛岃鑱旂郴绠$悊鍛�");
+ }
+ }
+ if (docType.getDocId().intValue() == 32) {
+ order = new Order(
+ String.valueOf(snowflakeIdWorker.nextId()), // 缂栧彿[闈炵┖]
+ "DB" + param.getOrderNo(), // 璁㈠崟缂栧彿
+ DateUtils.convert(now), // 鍗曟嵁鏃ユ湡
+ 33L, // 鍗曟嵁绫诲瀷
+ null, // 椤圭洰缂栧彿
+ null, //
+ null, // 璋冩嫧椤圭洰缂栧彿
+ null, // 鍒濆绁ㄦ嵁鍙�
+ null, // 绁ㄦ嵁鍙�
+ null, // 瀹㈡埛缂栧彿
+ null, // 瀹㈡埛
+ null, // 鑱旂郴鏂瑰紡
+ null, // 鎿嶄綔浜哄憳
+ null, // 鍚堣閲戦
+ null, // 浼樻儬鐜�
+ null, // 浼樻儬閲戦
+ null, // 閿�鍞垨閲囪喘璐圭敤鍚堣
+ null, // 瀹炰粯閲戦
+ null, // 浠樻绫诲瀷
+ null, // 涓氬姟鍛�
+ null, // 缁撶畻澶╂暟
+ null, // 閭垂鏀粯绫诲瀷
+ null, // 閭垂
+ null, // 浠樻鏃堕棿
+ null, // 鍙戣揣鏃堕棿
+ null, // 鐗╂祦鍚嶇О
+ null, // 鐗╂祦鍗曞彿
+ 1L, // 璁㈠崟鐘舵��
+ 1, // 鐘舵��
+ 9527L, // 娣诲姞浜哄憳
+ now, // 娣诲姞鏃堕棿
+ 9527L, // 淇敼浜哄憳
+ now, // 淇敼鏃堕棿
+ null // 澶囨敞
+ );
+ if (!orderService.insert(order)) {
+ throw new CoolException("鐢熸垚鍗婃垚鍝佽皟鎷ㄥ崟澶辫触");
+ }
+ List<DetlDto> dbList = new ArrayList<>();
+ List<DetlDto> dbOrderDetails = param.getOrderDetails();
+ // 鍗曟嵁鏄庣粏妗�
+ for (DetlDto detail : orderDetails) {
+ DetlDto dto = new DetlDto(detail.getMatnr(), detail.getBatch(), detail.getAnfme());
+ if (DetlDto.has(dbList, dto)) {
+ DetlDto detlDto = DetlDto.find(dbList, dto.getMatnr(), dto.getBatch(),dto.getCsocode(),dto.getIsoseq(),null);
+ assert detlDto != null;
+ detlDto.setAnfme(detlDto.getAnfme() + detail.getAnfme());
+ } else {
+ dbList.add(dto);
+ }
+ }
+ for (DetlDto detlDto : dbList) {
+ Mat mat = matService.selectByMatnr(detlDto.getMatnr());
+ if (Cools.isEmpty(mat)) {
+ throw new CoolException(detlDto.getMatnr() + "缂栧彿鍟嗗搧妫�绱㈠け璐ワ紝璇峰厛娣诲姞鍟嗗搧");
+ }
+ OrderDetl orderDetl = new OrderDetl();
+ orderDetl.sync(mat);
+ orderDetl.setBatch(detlDto.getBatch());
+ orderDetl.setAnfme(detlDto.getAnfme());
+ orderDetl.setOrderId(order.getId());
+ orderDetl.setOrderNo(order.getOrderNo());
+ orderDetl.setSource(docType.getDocId().intValue());
+ orderDetl.setCreateBy(9527L);
+ orderDetl.setCreateTime(now);
+ orderDetl.setUpdateBy(9527L);
+ orderDetl.setUpdateTime(now);
+ orderDetl.setStatus(1);
+ orderDetl.setQty(0.0D);
+ if (!orderDetlService.insert(orderDetl)) {
+ throw new CoolException("鐢熸垚鍗婃垚鍝佽皟鎷ㄥ崟鏄庣粏妗eけ璐ワ紝璇疯仈绯荤鐞嗗憳");
+ }
}
}
}
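Review bot: This transfer-order block is a verbatim copy of the one added to the earlier method in this same patch, down to the unused `dbOrderDetails` local and the `assert detlDto != null` that does nothing without -ea, so every fix will have to be made twice. Extract a private helper — something like `private void createTransferOrder(List<DetlDto> orderDetails, String orderNo, Date now)` — that builds the doc-type-33 `Order`, folds the details by matnr/batch and inserts them, and call it from both `docId == 32` branches. The 33-argument positional `Order` constructor with a run of `null`s would also read far better through setters or a builder, if `Order` offers one. The enclosing method starts before this hunk and ends after it.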
@@ -453,7 +618,7 @@
}
Tag tag = tagService.selectByName("鍏ㄩ儴", 1);
- Mat mat = matService.selectByMatnr(param.getCInvCCode());
+ Mat mat = matService.selectByMatnr(param.getCInvCode());
if (Cools.isEmpty(mat)) {
mat = new Mat();
mat.setTagId(tag.getId());
@@ -468,6 +633,7 @@
} else {
mat.setTagId(tag.getId());
syncMat(mat,param);
+ System.out.println(mat.getMaktx().length());
if (matService.updateById(mat)) {
callApiLogSave(mat, "/open/asrs/mat/v1", "鎺ユ敹ERP涓嬪彂鍟嗗搧淇℃伅鎴愬姛锛佹坊鍔犲晢鍝佷俊鎭垚鍔燂紒", true);
} else {
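Review bot: The added `System.out.println(mat.getMaktx().length());` is a leftover debug print that writes to stdout on every ERP material sync and dereferences maktx without a null check; maktx is filled from `param.getCInvName()` in `syncMat`, so an ERP payload with no name now fails this update path with a NullPointerException. Drop the line, or if the length is genuinely useful keep it as `log.debug("maktx length={}", mat.getMaktx() == null ? 0 : mat.getMaktx().length());` — the class imports lombok's `@Slf4j`, so `log` is presumably in scope.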
@@ -480,11 +646,11 @@
private void syncMat(Mat mat, MatSyncParam param){
Date date = new Date();
- mat.setMatnr(param.getCInvCCode());//鐗╂枡缂栫爜
+ mat.setMatnr(param.getCInvCode());//鐗╂枡缂栫爜
mat.setMaktx(param.getCInvName());//鐗╂枡鍚嶇О
mat.setSpecs(param.getCInvStd());//瑙勬牸
mat.setUnit(param.getCComUnitName());
- mat.setBeBatch(param.getBInvBatch());
+ mat.setBeBatch(Cools.eq("true",param.getBInvBatch()) ? 1 : 0);
mat.setStatus(param.getStates());
mat.setCreateBy(9999L);//9999琛ㄧずerp涓嬪彂
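Review bot: `Cools.eq("true", param.getBInvBatch())` maps anything other than the exact lowercase literal to 0, so an ERP that sends `True`, `TRUE` or `1` silently turns a batch-managed material into a non-batch one. If bInvBatch is a String, `mat.setBeBatch(Boolean.parseBoolean(param.getBInvBatch()) ? 1 : 0);` accepts the usual spellings and is null-safe; if it is a Boolean, `Boolean.TRUE.equals(param.getBInvBatch())` does the same. A short comment on the accepted values would help the next reader, e.g. `// ERP sends bInvBatch as "true"/"false"; anything else is treated as non-batch`. `syncMat` continues past the end of this hunk.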
@@ -702,9 +868,29 @@
throw new CoolException("鍗曟嵁鍙傛暟涓虹┖鎴栬�呭崟鎹鎯呬负绌猴紝鏃犳硶鐢熸垚鍗曟嵁淇℃伅");
}
+ Order orderOld = null;
+
if(!Cools.isEmpty(orderService.selectByNo(param.getCPOID()))){
- callApiLogSave(param, "/order/pakout/default/v1", "鎺ュ彈鍗曟嵁澶辫触锛岃鍗曟嵁宸插瓨鍦紝鏃犳硶鐢熸垚鍗曟嵁淇℃伅", false);
- throw new CoolException("璇ュ崟鎹凡瀛樺湪锛屾棤娉曠敓鎴愬崟鎹俊鎭�");
+
+ orderOld = orderService.selectByNo(param.getCPOID());
+ if(orderOld.getSettle() > 1){
+ throw new CoolException("璇ュ崟鎹凡鍦ㄤ綔涓氫腑锛屾棤娉曟洿鏀瑰崟鎹俊鎭�");
+ }
+
+// String orderNo = param.getCPOID();
+// if (orderNo.contains("-")){
+// int index = Integer.parseInt(orderNo.split("-")[1]) + 1;
+// orderNo = orderNo.split("-")[0] + "-" + index;
+// param.setcPOID(orderNo);
+// }else {
+// orderNo = orderNo + "-1";
+// param.setcPOID(orderNo);
+// }
+//
+// syncOrder(param,pakin,docName);
+
+ //callApiLogSave(param, "/order/pakout/default/v1", "鎺ュ彈鍗曟嵁澶辫触锛岃鍗曟嵁宸插瓨鍦紝鏃犳硶鐢熸垚鍗曟嵁淇℃伅", false);
+ //throw new CoolException("璇ュ崟鎹凡瀛樺湪锛屾棤娉曠敓鎴愬崟鎹俊鎭�");
}
Date now = new Date();
Order order = orderMapping(param,now,pakin,docName);
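Review bot: When the existing order has `settle > 1` the new branch throws without the `callApiLogSave(..., false)` call that the removed rejection path made, so the one remaining failure case of this endpoint no longer appears in the API log; add a log call before the throw. `orderService.selectByNo(param.getCPOID())` is also executed twice in a row — assign `orderOld` first and test it, e.g. `orderOld = orderService.selectByNo(param.getCPOID()); if (!Cools.isEmpty(orderOld)) { ... }`. If `getSettle()` returns a boxed `Long`, `orderOld.getSettle() > 1` will throw on a null settle, so a null check is worth adding. The commented-out renumbering code and the two commented-out lines should be deleted rather than left in.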
@@ -713,6 +899,12 @@
OrderDetl orderDetl = orderDetlMapping(order,od,now);
orderDetlService.insert(orderDetl);
});
+
+ if(!Cools.isEmpty(orderOld)){
+ //鍒犻櫎鍘熸湁鍗曟嵁淇℃伅
+ orderService.delete(new EntityWrapper<Order>().eq("id",orderOld.getId()));
+ orderDetlService.delete(new EntityWrapper<OrderDetl>().eq("order_id",orderOld.getId()));
+ }
callApiLogSave(param, "/order/pakout/default/v1", "鎺ュ彈鍗曟嵁鎴愬姛", true);
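Review bot: The old order and its details are deleted only after the replacement rows have presumably been inserted between the hunks, so for the duration of the method two orders with the same number coexist; if `order_no` carries a unique index the insert fails before this delete ever runs, and a concurrent `selectByNo` in that window can observe either row. Moving the two `delete` calls ahead of the new `orderService`/`orderDetlService` inserts keeps the one-order-per-number invariant and, provided this method is `@Transactional` like its siblings (the annotation is not visible here — worth confirming), still rolls everything back on failure. The deletes filter by id through `EntityWrapper.eq`, so there is no injection concern in these lines. The method's end is outside this hunk.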
@@ -731,7 +923,50 @@
}
orderService.deleteById(order);
- orderDetlService.delete(new EntityWrapper<OrderDetl>().eq("order_no",orderNo));
+ orderDetlService.delete(new EntityWrapper<OrderDetl>().eq("order_id",order.getId()));
+
+ return true;
+ }
+
+ @Override
+ @Transactional
+ @Synchronized
+ public boolean checkAndAdjustLocDetl(CheckParam params) {
+
+ //鍒ゆ柇搴撲綅鏄惁瀛樺湪
+ AgvLocMast agvLocMast = agvLocMastService.selectById(params.getLocNo());
+ if(Cools.isEmpty(agvLocMast)){
+ throw new CoolException("搴撲綅鍙蜂笉瀛樺湪");
+ }
+
+ if(!Cools.eq("O",agvLocMast.getLocSts()) && !Cools.eq("F",agvLocMast.getLocSts())){
+ throw new CoolException("褰撳墠搴撲綅姝e湪浣滀笟涓紝鏃犳硶鐩樼偣璋冩暣");
+ }
+
+ if(Cools.isEmpty(params.getLocDetls())){
+ agvLocMast.setLocSts("O");
+ }else {
+ agvLocMast.setLocSts("F");
+ }
+
+ agvLocMastService.updateById(agvLocMast);
+
+ //鍒犻櫎鏃у簱瀛�
+ agvLocDetlService.delete(new EntityWrapper<AgvLocDetl>().eq("loc_no",params.getLocNo()));
+
+ //鏂板鐩樼偣搴撳瓨
+ for (DetlDto detlDto : params.getLocDetls()){
+ AgvLocDetl agvLocDetl = new AgvLocDetl();
+ Mat mat = matService.selectByMatnr(detlDto.getMatnr());
+ BeanUtils.copyProperties(mat,agvLocDetl);
+ agvLocDetl.setLocNo(params.getLocNo());
+ agvLocDetl.setSuppCode(params.getContainerCode());
+ agvLocDetl.setAnfme(detlDto.getAnfme());
+ agvLocDetl.setBatch(detlDto.getBatch());
+ agvLocDetl.setThreeCode(detlDto.getCsocode());
+ agvLocDetl.setDeadTime(detlDto.getIsoseq());
+ agvLocDetlService.insert(agvLocDetl);
+ }
return true;
}
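Review bot: A request whose locDetls is null takes the `Cools.isEmpty` branch at the top but then still reaches `for (DetlDto detlDto : params.getLocDetls())`, which throws a NullPointerException on a null list after the location master has already been updated and its old details deleted; the loop needs the same emptiness guard. In the same loop the result of `matService.selectByMatnr` is handed straight to `BeanUtils.copyProperties`, so an unknown matnr surfaces as Spring's "Source must not be null" error instead of the explicit CoolException the order paths throw for the same lookup, and `copyProperties` will copy every same-named property of Mat into AgvLocDetl (likely including its id and audit fields) — worth confirming that is intended. Note also that lombok's `@Synchronized` is acquired inside the Spring transactional proxy, so the lock is presumably released before the transaction commits and does not by itself serialise two callers' writes to the same location. Rewritten loop below; the location lookup, status check, master update and old-detail delete are unchanged.
```java
// … unchanged: AgvLocMast lookup, locSts check, master update, old AgvLocDetl delete …
if (!Cools.isEmpty(params.getLocDetls())) {
    for (DetlDto detlDto : params.getLocDetls()) {
        Mat mat = matService.selectByMatnr(detlDto.getMatnr());
        if (Cools.isEmpty(mat)) {
            throw new CoolException(detlDto.getMatnr() + " unknown material, add it before counting");
        }
        AgvLocDetl agvLocDetl = new AgvLocDetl();
        BeanUtils.copyProperties(mat, agvLocDetl);
        // … unchanged: locNo / suppCode / anfme / batch / threeCode / deadTime setters and insert …
    }
}
```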
@@ -748,9 +983,14 @@
//鍗曟嵁鏃ユ湡
order.setOrderTime(param.getDdate());
+ //渚涘簲鍟嗙紪鐮�
+ order.setSalesman(param.getCVenCode());
+
order.setMemo(param.getCMemo());
//鍒跺崟浜�
order.setShipCode(param.getCPersonCode());
+
+ order.setDefNumber(param.get鎿嶄綔绯荤粺鍙�());
order.setCreateTime(now);
order.setUpdateTime(now);
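Review bot: `order.setDefNumber(param.get鎿嶄綔绯荤粺鍙�())` calls a getter whose name is made of non-ASCII characters, and this very patch shows the file is not being read as UTF-8 — such an identifier compiles only while the compiler's `-encoding` matches the byte sequence in both this file and the param class, so it should be renamed to an ASCII getter (e.g. `getOsNo()`) with a comment naming the ERP field it carries. `order.setSalesman(param.getCVenCode())` stores the vendor code in the salesman column, which the comment above it already hints at; a comment such as `// salesman column is reused for the ERP vendor code (cVenCode)` would stop the next reader treating it as a bug. The hunk sits inside `orderMapping`, which starts before and ends after it.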
@@ -787,12 +1027,15 @@
//鏁伴噺
od.setAnfme(odParam.getIQuantity());
//閿�鍞鍗曞彿
- od.setThreeCode(odParam.getCsocode());
+ od.setThreeCode(odParam.getCDefine22());
//鑷敱椤�
od.setDeadTime(odParam.getBFree1());
//IDs
- od.setSku(odParam.getID());
+ od.setSku(odParam.getId());
+ od.setLength(odParam.getINum());
+
+ od.setSource(order.getDocType().intValue());
od.setStatus(1);
od.setQty(0.0D);
od.setCreateBy(9999L);
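Review bot: `od.setSource(order.getDocType().intValue())` unboxes docType with no null check, so an `Order` whose doc type was not set in `orderMapping` (that assignment is outside this hunk) fails here with a NullPointerException; `Objects.requireNonNull(order.getDocType(), "docType")` or an explicit CoolException would make the failure readable. The switch from `getCsocode()` to `getCDefine22()` and the new `od.setLength(odParam.getINum())` both reuse columns under names that no longer describe their content, so each deserves a one-line comment, e.g. `// three_code carries the ERP sales-order number (cDefine22)` and `// length column reused for iNum`. The enclosing method starts before this hunk and ends after it.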
--
Gitblit v1.9.1