From af8f87298fc611ac371216e278a18abac6ca0766 Mon Sep 17 00:00:00 2001
From: ZY <zc857179121@qq.com>
Date: 星期一, 28 十月 2024 12:11:50 +0800
Subject: [PATCH] sql注入漏洞
---
src/main/java/com/zy/asrs/service/impl/OrderServiceImpl.java | 92 +++++++++++++++++++++++++++++++---------------
1 files changed, 62 insertions(+), 30 deletions(-)
diff --git a/src/main/java/com/zy/asrs/service/impl/OrderServiceImpl.java b/src/main/java/com/zy/asrs/service/impl/OrderServiceImpl.java
index a5bc1f3..f7815d7 100644
--- a/src/main/java/com/zy/asrs/service/impl/OrderServiceImpl.java
+++ b/src/main/java/com/zy/asrs/service/impl/OrderServiceImpl.java
@@ -11,9 +11,11 @@
import com.zy.asrs.entity.*;
import com.zy.asrs.entity.param.OpenOrderPakinParam;
import com.zy.asrs.entity.param.OpenOrderPakoutParam;
+import com.zy.asrs.entity.param.ReportErpParam;
import com.zy.asrs.mapper.OrderDetlMapper;
import com.zy.asrs.mapper.OrderMapper;
import com.zy.asrs.service.*;
+import com.zy.asrs.task.handler.OrderSyncHandler;
import com.zy.common.model.DetlDto;
import com.zy.common.model.OrderDto;
import com.zy.common.model.OrderMergeVo;
@@ -25,7 +27,8 @@
import org.springframework.stereotype.Service;
import java.text.SimpleDateFormat;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.List;
@Slf4j
@Service("orderService")
@@ -58,6 +61,12 @@
@Autowired
private ManPakOutService manPakOutService;
+ @Autowired
+ private OrderSyncHandler orderSyncHandler;
+
+ @Autowired
+ private AgvLocMastService agvLocMastService;
+
@Value("${u8.url}")
private String url;
@@ -84,9 +93,14 @@
}
@Override
- public void checkComplete(String orderNo) {
+ public boolean updateSettle2(Long orderId, Long settle, Integer plt) {
+ return this.baseMapper.updateSettle2(orderId, settle, plt) > 0;
+ }
+
+ @Override
+ public void checkComplete(String orderNo, String locNo) {
Order order = this.selectByNo(orderNo);
- if(Cools.isEmpty(order)){
+ if (Cools.isEmpty(order)) {
return;
}
if (order.getSettle() >= 4L) {
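Review bot: `updateSettle2` is added without a Javadoc, and its name does not say how it differs from the existing `updateSettle`. Judging by the call site later in this patch it also writes the pallet type, so a comment such as `/** Updates the order's settle state and pallet type; returns true if at least one row was updated. */` would help. The commit subject describes an SQL-injection fix, but the diffstat lists only this service class, so the SQL behind `baseMapper.updateSettle2` is not visible here. Please confirm that the statement binds `orderId`, `settle` and `plt` as parameters (`#{...}`) rather than splicing them into the SQL text. The new `locNo` parameter of `checkComplete` should also be documented, including whether it may be null; the method body continues outside this hunk.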
@@ -101,20 +115,33 @@
break;
}
}
+ Integer pltType = null;
+ //浠撳簱缂栫爜
+ if (Cools.isEmpty(order.getPltType())) {
+ AgvLocMast locNo1 = agvLocMastService.selectOne(new EntityWrapper<AgvLocMast>().eq("loc_no", locNo));
+ pltType = locNo1.getPltType();
+ }
// 濡傛灉 浣滀笟鏁伴噺绛変簬鍗曟嵁鎬绘暟閲� && 宸ヤ綔鏄庣粏妗d腑鏃犺鍗曟嵁鐨勬暟鎹� && AGV宸ヤ綔鏄庣粏妗d腑鏃犺鍗曟嵁鐨勬暟鎹�
int count = wrkDetlService.selectCount(new EntityWrapper<WrkDetl>().eq("order_no", orderNo));
boolean wrkDeltExist = wrkDetlService.selectCount(new EntityWrapper<WrkDetl>().like("order_no", orderNo)) < 1;
- boolean agvWrkDetlExist = agvWrkDetlService.selectCount(new EntityWrapper<AgvWrkDetl>().like("order_no",orderNo)) < 1;
- boolean waitPakinExist = agvWaitPakinService.selectCount(new EntityWrapper<AgvWaitPakin>().like("order_no",orderNo)) < 1;
+ boolean agvWrkDetlExist = agvWrkDetlService.selectCount(new EntityWrapper<AgvWrkDetl>().like("order_no", orderNo)) < 1;
+ boolean waitPakinExist = agvWaitPakinService.selectCount(new EntityWrapper<AgvWaitPakin>().like("order_no", orderNo)) < 1;
ManPakOut manPakOut = manPakOutService.selectByOrderWithName(orderNo);
- boolean manPakoutExist = Cools.isEmpty(manPakOut) || (manPakOut.getPayment() != null && manPakOut.getPayment() == 1);
+ boolean manPakoutExist = Cools.isEmpty(manPakOut) || (manPakOut.getPayment() != null && manPakOut.getPayment() == 1);
if (complete && wrkDeltExist && agvWrkDetlExist && waitPakinExist && manPakoutExist) {
- if (!this.updateSettle(order.getId(), 4L, null)) {
+ if (!this.updateSettle2(order.getId(), 4L, pltType)) {
throw new CoolException("淇敼璁㈠崟銆恛rderNo = " + order.getOrderNo() + "銆戠姸鎬佷负宸插畬鎴愬け璐�");
}
+ } else {
+ if (!Cools.isEmpty(pltType)) {
+ order.setPltType(pltType);
+ super.updateById(order);
+ }
+
}
+
}
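Review bot: `locNo1.getPltType()` is dereferenced without a null check, so when `locNo` is null or matches no `AgvLocMast` row the lookup presumably returns null and the method throws a NullPointerException before the completion check runs. Guard it, for example `if (locNo1 != null) { pltType = locNo1.getPltType(); }`, and log the unmatched location. When `order.getPltType()` is already set, `pltType` stays null and is still passed to `updateSettle2(order.getId(), 4L, pltType)`; whether that preserves the stored value depends on mapper SQL not shown here, so confirm it does not overwrite it with null. Separately, the `like("order_no", orderNo)` checks match any order number that contains `orderNo` and treat `%` or `_` in it as wildcards, so an unrelated order can keep this one from being marked complete; `eq`, as in the `count` query, looks like the intended comparison. `checkComplete` starts outside this hunk.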
@@ -153,7 +180,7 @@
}
for (DetlDto detlDto : detlDtos) {
// 淇敼璁㈠崟鏄庣粏鏁伴噺
- if (!orderDetlService.increase(order.getId(), detlDto.getMatnr(), detlDto.getBatch(), detlDto.getAnfme(),detlDto.getCsocode(),detlDto.getIsoseq())) {
+ if (!orderDetlService.increase(order.getId(), detlDto.getMatnr(), detlDto.getBatch(), detlDto.getAnfme(), detlDto.getCsocode(), detlDto.getIsoseq())) {
throw new CoolException("淇敼鍗曟嵁鏄庣粏鏁伴噺澶辫触");
}
}
@@ -179,26 +206,30 @@
public void report(Long orderId, String username) {
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
Order order = this.selectById(orderId);
- Map<String, Object> param = new HashMap<>();
- param.put("id",order.getOrderNo());
- param.put("dDate",sdf.format(new Date()));
- param.put("cHandler",username);
-
- List<Map<String,Object>> orderDetlsParam = new ArrayList<>();
- param.put("orderDetails",orderDetlsParam);
+// Map<String, Object> param = new HashMap<>();
+// param.put("id",order.getOrderNo());
+// param.put("dDate",sdf.format(new Date()));
+// param.put("cHandler",username);
+//
+// List<Map<String,Object>> orderDetlsParam = new ArrayList<>();
+// param.put("orderDetails",orderDetlsParam);
List<OrderDetl> orderDetls = orderDetlService.selectByOrderId(orderId);
- for (OrderDetl orderDetl : orderDetls){
- Map<String, Object> odMap = new HashMap<>();
- odMap.put("autoid",orderDetl.getItemNum());
- odMap.put("iQuantity",orderDetl.getQty());
- orderDetlsParam.add(odMap);
- }
+ ReportErpParam reportErpParam = new ReportErpParam();
+ orderSyncHandler.mappingParam(order, reportErpParam);
+ orderSyncHandler.mappingParamChildren(orderDetls, reportErpParam);
- int code = doHttpRequest(param, "鍗曟嵁瀹℃牳", url, orderReportPath, null, "127.0.0.1");
+// for (OrderDetl orderDetl : orderDetls){
+// Map<String, Object> odMap = new HashMap<>();
+// odMap.put("autoid",orderDetl.getItemNum());
+// odMap.put("iQuantity",orderDetl.getQty());
+// orderDetlsParam.add(odMap);
+// }
+
+ int code = doHttpRequest(reportErpParam, "鍗曟嵁瀹℃牳", url, orderReportPath, null, "127.0.0.1");
//int code = doHttpRequest(param, "鍗曟嵁瀹℃牳", "localhost:8080", "/test/report", null, "127.0.0.1");
- if(code == 0){
+ if (code == 0) {
order.setSettle(6L);
this.updateById(order);
}
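Review bot: `username` is no longer read anywhere in this hunk; its only use was the removed `param.put("cHandler",username)`. Unless `mappingParam` obtains the operator some other way, the ERP report no longer records who triggered it, which weakens the audit trail, so either carry `username` into `ReportErpParam` or drop the parameter. `sdf` is likewise unused now that the `dDate` line is gone, and the commented-out map-building code should be deleted rather than kept, since version control already has it. `order` from `selectById(orderId)` is also handed to `mappingParam` without a null check, so an unknown `orderId` fails inside the mapper helper instead of with a clear error. The body of `report` continues past this hunk.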
@@ -219,7 +250,7 @@
for (OrderDetl orderDetl : orderDetls) {
Double leave = orderDetl.getAnfme() - orderDetl.getQty();
OrderMergeVo vo = new OrderMergeVo(orderDetl.getMatnr(), orderDetl.getBatch(), leave);
- OrderDto orderDto = new OrderDto(orderDetl.getOrderNo(), null,null, leave);
+ OrderDto orderDto = new OrderDto(orderDetl.getOrderNo(), null, null, leave);
if (OrderMergeVo.has(result, vo)) {
OrderMergeVo exist = OrderMergeVo.find(result, vo.getMatnr(), vo.getBatch());
assert exist != null;
@@ -240,6 +271,7 @@
}
return result;
}
+
@Override
public List<Order> selectorderNoL(String orderNo) {
return this.baseMapper.selectorderNoL(orderNo);
@@ -247,12 +279,12 @@
@Override
public List<Order> selectToBeHistoryOrder() {
- return this.selectList(new EntityWrapper<Order>().eq("status",1).ge("settle",6));
+ return this.selectList(new EntityWrapper<Order>().eq("status", 1).ge("settle", 6));
//return this.baseMapper.selectToBeHistoryOrder();
}
- private int doHttpRequest(Object requestParam, String namespace, String url, String path, String appkey, String ip){
+ private int doHttpRequest(Object requestParam, String namespace, String url, String path, String appkey, String ip) {
String response = "";
boolean success = false;
@@ -265,20 +297,20 @@
.doPost();
JSONObject jsonObject = JSON.parseObject(response);
- if(Cools.isEmpty(jsonObject.get("errCode"))){
+ if (Cools.isEmpty(jsonObject.get("errCode"))) {
throw new CoolException(jsonObject.get("Message").toString());
}
int code = (int) jsonObject.get("errCode");
- if(code != 0){
+ if (code != 0) {
throw new CoolException(jsonObject.get("errMsg").toString());
}
success = true;
return code;
- }catch (Exception e){
+ } catch (Exception e) {
log.error(e.getMessage());
throw new CoolException("璋冪敤鎺ュ彛鍝嶅簲閿欒");
- }finally {
+ } finally {
apiLogService.save(
namespace,
url + path,
--
Gitblit v1.9.1