Commit a65eab89 authored by 王炜's avatar 王炜

修改权限通用查询过滤sql注入问题,导致动态页面无法保存,追加jsonArray判断

parent 88c67ef1
......@@ -12,6 +12,7 @@ import leaf.events.E_ServiceFinish;
import leaf.service.*;
import leaf.transaction.ITransactionService;
import leaf.transaction.UserTransactionImpl;
import org.json.JSONArray;
import org.json.JSONObject;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
......@@ -116,6 +117,7 @@ public abstract class AbstractFacadeServlet extends HttpServlet {
if(it.getKey().equals("_request_data")&&!it.getValue()[0].isEmpty()){
JSONObject requestData = new JSONObject(it.getValue()[0]);
if(requestData.has("parameter")){
if(!(requestData.get("parameter") instanceof JSONArray)){
JSONObject paraOject=requestData.getJSONObject("parameter");
if (paraOject.has("trx_id")){
String trx_id=paraOject.get("trx_id").toString().toLowerCase();
......@@ -133,6 +135,8 @@ public abstract class AbstractFacadeServlet extends HttpServlet {
}
}
}
}
......
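Review bot: The new `instanceof JSONArray` guard in the second hunk skips the `trx_id` check whenever `parameter` is an array, so a `trx_id` carried inside an array element would presumably pass through unchecked; the commit message describes this check as the SQL-injection filter, and its body is not visible here. The guard also still lets a string or null `parameter` reach `getJSONObject("parameter")`, which throws `JSONException`. Branching on the actual type and running the same check on each object element of the array, as sketched below, would close both gaps. The enclosing method starts and ends outside the hunks, so it is worth confirming that the downstream query binds `trx_id` as a parameter, with this servlet-level filter kept only as defence in depth.

```java
Object parameter = requestData.opt("parameter");
if (parameter instanceof JSONObject) {
    JSONObject paraOject = (JSONObject) parameter;
    // … unchanged: existing trx_id check on paraOject …
} else if (parameter instanceof JSONArray) {
    JSONArray items = (JSONArray) parameter;
    for (int i = 0; i < items.length(); i++) {
        JSONObject item = items.optJSONObject(i);
        if (item != null && item.has("trx_id")) {
            // … same trx_id check as the object branch, applied to item …
        }
    }
}
```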