From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/UniversalInterfaceImpl.java | 61 ++++++++++++++++++------------
1 files changed, 36 insertions(+), 25 deletions(-)
diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/UniversalInterfaceImpl.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/UniversalInterfaceImpl.java
index 1921a91..3c11372 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/UniversalInterfaceImpl.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/UniversalInterfaceImpl.java
@@ -38,7 +38,10 @@
import com.vci.ubcs.code.webService.annotation.VciWebservice;
import com.vci.ubcs.code.webService.config.AttributeMapConfig;
import com.vci.ubcs.code.webService.config.PersonAndDeptConfig;
+import com.vci.ubcs.omd.cache.EnumCache;
import com.vci.ubcs.omd.feign.IBtmTypeClient;
+import com.vci.ubcs.omd.feign.IDictClient;
+import com.vci.ubcs.omd.feign.IEnumClient;
import com.vci.ubcs.omd.vo.BtmTypeVO;
import com.vci.ubcs.starter.exception.VciBaseException;
import com.vci.ubcs.starter.revision.model.TreeQueryObject;
@@ -941,29 +944,29 @@
orderDTO.setSecDTOList(codeOrderSecDTOList);//瀛樺偍缂栫爜
orderDTO.setData(rowData.getFiledValue());
String code = engineService.addSaveCodeNotauthUser(orderDTO,false);
- /*if(StringUtils.isNotBlank(code)) {
- //rowData.setCode(code);
- StringBuffer sqlsb = new StringBuffer();
- sqlsb.append(" select * from ");
- sqlsb.append(tableName);
- sqlsb.append(" where 1=1 ");
- sqlsb.append(" and lastr=1 and lastv=1");
- sqlsb.append(" and id in (");
- sqlsb.append(VciBaseUtil.toInSql(code));
- sqlsb.append(")");
- List<Map<String, String>> newDataMapList = commonsMapper.queryByOnlySqlForMap(sqlsb.toString());
- if (!CollectionUtils.isEmpty(newDataMapList)) {
- String oid = StringUtils.isBlank(newDataMapList.get(0).get("OID")) ? "" : newDataMapList.get(0).get("OID");
- List<String> oidList = new ArrayList<>();
- oidList.add(oid);
- //濡傛灉鏈夌敵璇峰氨鍘昏皟鐢ㄧ敵璇烽泦鍥㈢爜
- if (isPersonApplyGroupCode) {
- mdmIOService.sendApplyGroupcode(oidList, templateVO.getBtmTypeId(), sysIntegrationPushTypeEnum.ACCPET_APPCODE.getValue());
- success.set(true);
- mesg = "鏁版嵁淇濆瓨鎴愬姛锛岀瓑寰呯敵璇烽泦鍥㈢爜";
+ /*if(StringUtils.isNotBlank(code)) {
+ //rowData.setCode(code);
+ StringBuffer sqlsb = new StringBuffer();
+ sqlsb.append(" select * from ");
+ sqlsb.append(tableName);
+ sqlsb.append(" where 1=1 ");
+ sqlsb.append(" and lastr=1 and lastv=1");
+ sqlsb.append(" and id in (");
+ sqlsb.append(VciBaseUtil.toInSql(code));
+ sqlsb.append(")");
+ List<Map<String, String>> newDataMapList = commonsMapper.queryByOnlySqlForMap(sqlsb.toString());
+ if (!CollectionUtils.isEmpty(newDataMapList)) {
+ String oid = StringUtils.isBlank(newDataMapList.get(0).get("OID")) ? "" : newDataMapList.get(0).get("OID");
+ List<String> oidList = new ArrayList<>();
+ oidList.add(oid);
+ //濡傛灉鏈夌敵璇峰氨鍘昏皟鐢ㄧ敵璇烽泦鍥㈢爜
+ if (isPersonApplyGroupCode) {
+ mdmIOService.sendApplyGroupcode(oidList, templateVO.getBtmTypeId(), sysIntegrationPushTypeEnum.ACCPET_APPCODE.getValue());
+ success.set(true);
+ mesg = "鏁版嵁淇濆瓨鎴愬姛锛岀瓑寰呯敵璇烽泦鍥㈢爜";
+ }
}
- }
- }*/
+ }*/
} catch (Exception e) {
log.error( "閮ㄩ棬鏁版嵁鎺ユ敹澶辫触:",e);
mesg=e.getMessage();
@@ -2423,8 +2426,13 @@
return codeOrderSecDTOList;
}
- /***
+ /**
* 鏍规嵁浼犲叆鐨勫弬鏁颁俊鎭牎楠岀爜娈佃鍒�
+ * @param SectionVOList
+ * @param ruleVO
+ * @param classifyFullInfo
+ * @return
+ * @throws Throwable
*/
private List<CodeOrderSecDTO> getRuleCodeOrderSecDTOs(List<SectionVO> SectionVOList,CodeRuleVO ruleVO,CodeClassifyFullInfoBO classifyFullInfo) throws Throwable{
List<CodeBasicSecVO> codeBasicSecVOS= ruleVO.getSecVOList();
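Review bot: The Javadoc tags added above `getRuleCodeOrderSecDTOs` are all empty, so the comment still does not say what each argument carries or when the method fails. Each tag needs a short description, for example `@param SectionVOList section values supplied by the caller`, `@param ruleVO rule whose getSecVOList() defines the sections to check`, and `@return one CodeOrderSecDTO per validated section`. The first two descriptions are inferred from the signature and the first body line, so they should be confirmed against the rest of the method, which continues outside this hunk. `@throws Throwable` documents a signature that forces callers to catch everything. A narrower type such as the already imported `VciBaseException` would make validation failures distinguishable from runtime faults, if the callers allow that change.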
@@ -2440,6 +2448,9 @@
// String newSecName=codeBasicSecVO.getName();
String classifySecOid= codeBasicSecVO.getOid();
String message="";
+ //#NaN?琛ㄧず鐮佸�间负绌虹殑鍦烘櫙
+ String nullSymbol = EnumCache.getValue("nullSymbol", "NULL");
+ nullSymbol = Func.isBlank(nullSymbol) ? "#NaN?":nullSymbol;
if (!sectype.equals(CodeSecTypeEnum.CODE_SERIAL_SEC.getValue())) {
String name = codeBasicSecVO.getName();
String sectypeText = codeBasicSecVO.getSecTypeText();
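Review bot: `EnumCache.getValue("nullSymbol", "NULL")` sits beside the per-section locals `classifySecOid` and `message`, which suggests it runs once per section inside a loop whose header is outside this hunk. If so, the value is loop-invariant and should be resolved once before the loop. The fallback literal `"#NaN?"` would read better as a named constant, e.g. `private static final String DEFAULT_NULL_SYMBOL = "#NaN?";`, with a comment saying who may configure the `nullSymbol` enum. That matters because this value decides, in the condition changed later in this commit, whether a supplied section value skips the classification lookup. The commit subject describes validation for file-upload interfaces, but none of the visible hunks adds any, so the subject or the change set should be reconciled.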
@@ -2456,8 +2467,8 @@
List<CodeClassifyValue> codeClassifyValueDOList = codeClassifyValueService.list(Wrappers.<CodeClassifyValue>query().lambda().eq(CodeClassifyValue::getCodeClassifySecOid,classifySecOid));
if (!CollectionUtils.isEmpty(codeClassifyValueDOList)) {
Map<String, CodeClassifyValue> codeClassifyValueDOMap = codeClassifyValueDOList.stream().collect(Collectors.toMap(s -> s.getId(), t -> t, (o1, o2) -> o2));
- if(codeClassifyValueDOMap.containsKey(sectypeValue)){
- CodeClassifyValue codeClassifyValue= codeClassifyValueDOMap.get(sectypeValue);
+ if(codeClassifyValueDOMap.containsKey(sectypeValue) || nullSymbol.equals(sectypeValue)){
+ CodeClassifyValue codeClassifyValue = codeClassifyValueDOMap.get(sectypeValue);
sectypeValue=codeClassifyValue.getOid();
}else {
//throw new Throwable("浼犲叆鐨勫垎绫荤爜娈碉細銆�" + name + " 鍊硷細" + sectypeValue + "銆戯紝涓嶇鍚堝綋鍓嶅垎绫诲眰绾т唬鍙�");
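Review bot: The widened condition `if(codeClassifyValueDOMap.containsKey(sectypeValue) || nullSymbol.equals(sectypeValue))` lets a `sectypeValue` equal to the null symbol through even when the map has no such key. In that case `codeClassifyValueDOMap.get(sectypeValue)` returns null and `codeClassifyValue.getOid()` throws a NullPointerException. If `sectypeValue` comes from the web-service request (likely given the `SectionVO` input, but not visible here), any caller sending the null symbol hits this failure instead of a validation result. Resolve the entry first and branch on it: `CodeClassifyValue codeClassifyValue = codeClassifyValueDOMap.get(sectypeValue);` followed by `if (codeClassifyValue != null) { sectypeValue = codeClassifyValue.getOid(); } else if (!nullSymbol.equals(sectypeValue)) {` in front of the existing rejection branch. This assumes the null symbol is meant to pass through unchanged, which should be confirmed. The `else` branch continues outside the hunk.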
--
Gitblit v1.9.3