From 504dcb79430e0010e6b443e1ae2ef7f35b86e1a7 Mon Sep 17 00:00:00 2001
From: 田源 <lastanimals@163.com>
Date: 星期五, 01 十二月 2023 14:35:59 +0800
Subject: [PATCH] Merge remote-tracking branch 'origin/master'

---
 Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmEngineServiceImpl.java |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmEngineServiceImpl.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmEngineServiceImpl.java
index 2dd56b5..094677d 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmEngineServiceImpl.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmEngineServiceImpl.java
@@ -44,6 +44,7 @@
 import com.vci.ubcs.starter.revision.service.RevisionModelUtil;
 import com.vci.ubcs.starter.util.MdmBtmTypeConstant;
 import com.vci.ubcs.starter.util.SaveLogUtil;
+import com.vci.ubcs.starter.util.SpecialCharacterConverter;
 import com.vci.ubcs.starter.util.UBCSSqlKeyword;
 import com.vci.ubcs.starter.web.constant.QueryOptionConstant;
 import com.vci.ubcs.starter.web.constant.RegExpConstant;
@@ -791,6 +792,7 @@
                 sql[0] += " and oid != '" + orderDTO.getCopyFromVersion() + "'";
             }
             sql[0] += " and lastR = '1' and lastV = '1' ";
+			// 鑾峰彇涓嶅弬涓庢牎楠岀殑鍒嗙被oid
 			String isParticipateCheckOids = classifyService.selectLeafByParentClassifyOid(classifyFullInfo.getTopClassifyVO().getOid(), classifyFullInfo.getCurrentClassifyVO().getOid());
 			if(Func.isNotEmpty(isParticipateCheckOids)){
 				sql[0] += " and codeclsfid not in(" + isParticipateCheckOids + ")";
@@ -1193,12 +1195,12 @@
                     temp = "%s";
                 }
                 queryKey = String.format(temp, "nvl("+ "t." + attrId +",'/')");
-                queryValue = String.format(temp, "'" + (trim ? value.trim() : value) + "'");
+                queryValue = String.format(temp, "'" + (trim ? SpecialCharacterConverter.escapeSpecialCharacters(value.trim()):SpecialCharacterConverter.escapeSpecialCharacters(value)) + "'");
                 conditionMap.put(queryKey, queryValue);
             } else {
 				if(StringUtils.isNotBlank(value)) {
 					//涓虹┖鐨勬椂鍊欎笉浠ｈ〃涓嶆牎楠岋紝鍙槸涓嶅幓闄ょ浉鍏崇殑淇℃伅
-					conditionMap.put("nvl("+ "t." + attrId+",'/')", "'" + value + "'");
+					conditionMap.put("nvl("+ "t." + attrId+",'/')", "'" + SpecialCharacterConverter.escapeSpecialCharacters(value) + "'");
 				}else{
 					conditionMap.put("t." + attrId, QueryOptionConstant.ISNULL);
 				}
@@ -2472,7 +2474,6 @@
 				return getSqlByValue(key, value, attrVOMap,btmType);
 			}
 		}*/
-
     }
 
     /**

--
Gitblit v1.9.3