From 17925215d37dd97d744c9296b185aeb16d3e44fb Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 20:06:12 +0800
Subject: [PATCH] URL请求路径安全校验

---
 Source/UBCS/ubcs-service/ubcs-system/src/main/java/com/vci/ubcs/system/controller/RegionController.java |   17 +++++++++++++++--
 1 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/Source/UBCS/ubcs-service/ubcs-system/src/main/java/com/vci/ubcs/system/controller/RegionController.java b/Source/UBCS/ubcs-service/ubcs-system/src/main/java/com/vci/ubcs/system/controller/RegionController.java
index 787a19c..61186aa 100644
--- a/Source/UBCS/ubcs-service/ubcs-system/src/main/java/com/vci/ubcs/system/controller/RegionController.java
+++ b/Source/UBCS/ubcs-service/ubcs-system/src/main/java/com/vci/ubcs/system/controller/RegionController.java
@@ -20,9 +20,12 @@
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.github.xiaoymin.knife4j.annotations.ApiOperationSupport;
+import com.vci.ubcs.common.validator.ComprehensiveFileValidator;
+import com.vci.ubcs.system.entity.Region;
 import com.vci.ubcs.system.excel.RegionExcel;
 import com.vci.ubcs.system.excel.RegionImporter;
 import com.vci.ubcs.system.service.IRegionService;
+import com.vci.ubcs.system.vo.RegionVO;
 import com.vci.ubcs.system.wrapper.RegionWrapper;
 import io.swagger.annotations.*;
 import lombok.AllArgsConstructor;
@@ -33,8 +36,7 @@
 import org.springblade.core.tenant.annotation.NonDS;
 import org.springblade.core.tool.api.R;
 import org.springblade.core.tool.utils.DateUtil;
-import com.vci.ubcs.system.entity.Region;
-import com.vci.ubcs.system.vo.RegionVO;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 import springfox.documentation.annotations.ApiIgnore;
@@ -58,6 +60,12 @@
 public class RegionController extends BladeController {
 
 	private final IRegionService regionService;
+
+	/**
+	 * 鏂囦欢瀹夊叏妫�鏌�
+	 */
+	@Autowired
+	private ComprehensiveFileValidator fileValidator;
 
 	/**
 	 * 璇︽儏
@@ -170,6 +178,11 @@
 	@ApiOperationSupport(order = 10)
 	@ApiOperation(value = "瀵煎叆琛屾斂鍖哄垝", notes = "浼犲叆excel")
 	public R importRegion(MultipartFile file, Integer isCovered) {
+		// 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+		ComprehensiveFileValidator.UploadValidationResult result = fileValidator.validateFile(file);
+		if (!result.isValid()) {
+			return R.fail(result.getMessage());
+		}
 		RegionImporter regionImporter = new RegionImporter(regionService, isCovered == 1);
 		ExcelUtil.save(file, regionImporter, RegionExcel.class);
 		return R.success("鎿嶄綔鎴愬姛");

--
Gitblit v1.9.3