Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
leaf-hlcm
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
hlcm
leaf-hlcm
Commits
a65eab89
Commit
a65eab89
authored
Jun 27, 2024
by
王炜
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
修改权限通用查询过滤sql注入问题,导致动态页面无法保存,追加jsonArray判断
parent
88c67ef1
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
17 additions
and
13 deletions
+17
-13
AbstractFacadeServlet.java
src/main/java/leaf/service/http/AbstractFacadeServlet.java
+17
-13
No files found.
src/main/java/leaf/service/http/AbstractFacadeServlet.java
View file @
a65eab89
...
@@ -12,6 +12,7 @@ import leaf.events.E_ServiceFinish;
...
@@ -12,6 +12,7 @@ import leaf.events.E_ServiceFinish;
import
leaf.service.*
;
import
leaf.service.*
;
import
leaf.transaction.ITransactionService
;
import
leaf.transaction.ITransactionService
;
import
leaf.transaction.UserTransactionImpl
;
import
leaf.transaction.UserTransactionImpl
;
import
org.json.JSONArray
;
import
org.json.JSONObject
;
import
org.json.JSONObject
;
import
org.springframework.security.web.csrf.CsrfToken
;
import
org.springframework.security.web.csrf.CsrfToken
;
import
org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
;
import
org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
;
...
@@ -116,6 +117,7 @@ public abstract class AbstractFacadeServlet extends HttpServlet {
...
@@ -116,6 +117,7 @@ public abstract class AbstractFacadeServlet extends HttpServlet {
if
(
it
.
getKey
().
equals
(
"_request_data"
)&&!
it
.
getValue
()[
0
].
isEmpty
()){
if
(
it
.
getKey
().
equals
(
"_request_data"
)&&!
it
.
getValue
()[
0
].
isEmpty
()){
JSONObject
requestData
=
new
JSONObject
(
it
.
getValue
()[
0
]);
JSONObject
requestData
=
new
JSONObject
(
it
.
getValue
()[
0
]);
if
(
requestData
.
has
(
"parameter"
)){
if
(
requestData
.
has
(
"parameter"
)){
if
(!(
requestData
.
get
(
"parameter"
)
instanceof
JSONArray
)){
JSONObject
paraOject
=
requestData
.
getJSONObject
(
"parameter"
);
JSONObject
paraOject
=
requestData
.
getJSONObject
(
"parameter"
);
if
(
paraOject
.
has
(
"trx_id"
)){
if
(
paraOject
.
has
(
"trx_id"
)){
String
trx_id
=
paraOject
.
get
(
"trx_id"
).
toString
().
toLowerCase
();
String
trx_id
=
paraOject
.
get
(
"trx_id"
).
toString
().
toLowerCase
();
...
@@ -133,6 +135,8 @@ public abstract class AbstractFacadeServlet extends HttpServlet {
...
@@ -133,6 +135,8 @@ public abstract class AbstractFacadeServlet extends HttpServlet {
}
}
}
}
}
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment