2023年4月15日 修复问题

jeecg-module-main/src/main/java/org/jeecg/modules/kc/tktj/entity/KcTingke.java

@@ -194,6 +194,22 @@ public class KcTingke implements Serializable {
     private java.lang.String pj;
 
 
+    /**
+     * 分页
+     */
+    @TableField(exist = false)
+    private Integer pageSize;
 
+    /**
+     * 开始时间搜索
+     */
+    @TableField(exist = false)
+    private String startDate;
+
+    /**
+     * 结束时间搜索
+     */
+    @TableField(exist = false)
+    private String endDate;
 //    private java.lang.String tingketime;
 }

jeecg-module-main/src/main/java/org/jeecg/modules/kc/tktj/mapper/xml/KcTingkeMapper.xml

@@ -432,6 +432,7 @@
                 </if>
                 ORDER BY tk.tingketime DESC
             LIMIT 3
+
             ) tk
         LEFT JOIN (
             SELECT
@@ -454,19 +455,33 @@
             ) ev ON tk.ketangbiaoid = ev.ketangbiaoid
 
         <where>
+            <if test="startDate != null and startDate != ''">
+                and tkrq >= #{startDate}
+            </if>
+            <if test="endDate != null and endDate != ''">
+                and tkrq <![CDATA[<=]]> #{endDate}
+<!--                tkrq &lt;= #{endDate}-->
+            </if>
             <if test="searchInput != null and searchInput != ''">
-                (kcmc like CONCAT('%',searchInput,'%') or skjs like CONCAT('%',searchInput,'%'))
+                and (kcmc like CONCAT('%',#{searchInput},'%') or skjs like CONCAT('%',#{searchInput},'%'))
             </if>
             <if test="pj != null and pj != ''">
                 <if test="pj == '0'">
-                    score is null
+                    and score is null
                 </if>
                 <if test="pj == '1'">
-                    score is not null
+                    and score is not null
                 </if>
 
             </if>
         </where>
+        <if test="pageSize != -1 and pageSize != null">
+            LIMIT #{pageSize}
+        </if>
+        <if test="pageSize != -1 and pageSize != null">
+            LIMIT #{pageSize}
+        </if>
+
 
     </select>
 

jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/SysDictMapper.java

@@ -87,6 +87,8 @@ public interface SysDictMapper extends BaseMapper<SysDict> {
 	@Deprecated
 	public List<DictModel> queryTableDictItemsByCodeAndFilter(@Param("table") String table,@Param("text") String text,@Param("code") String code,@Param("filterSql") String filterSql);
 
+	List<DictModel> queryTableDictItemsByCodeAndFilterAndOrderBy(@Param("table") String table,@Param("text") String text,@Param("code") String code,@Param("filterSql") String filterSql, @Param("orderByList") List orderByList);
+
 	/**
      * 通过查询指定table的 text code 获取字典
      * @param table
@@ -272,4 +274,5 @@ public interface SysDictMapper extends BaseMapper<SysDict> {
 	 */
 	@InterceptorIgnore(tenantLine = "true")
     List<SysDict> getDictListByLowAppId(@Param("lowAppId") String lowAppId, @Param("tenantId") Integer tenantId);
+
 }

jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysDictMapper.xml

@@ -74,6 +74,19 @@
 			where ${filterSql}
 		</if>
 	</select>
+	<select id="queryTableDictItemsByCodeAndFilterAndOrderBy" resultType="org.jeecg.common.system.vo.DictModel">
+		select ${text} as "text",${code} as "value" from ${table}
+		<if test="filterSql != null and filterSql != ''">
+			where ${filterSql}
+		</if>
+		<if test="orderByList != null and orderByList != ''">
+			<foreach item="item" index="index" collection="orderByList"  open="order by" separator="," close="">
+				#{item}
+			</foreach>
+		</if>
+	</select>
+
+
 
 	<!--通过查询指定table的 text code key 获取字典值-->
 	<select id="queryTableDictTextByKey" parameterType="String" resultType="String">

jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/ISysDictService.java

@@ -86,6 +86,8 @@ public interface ISysDictService extends IService<SysDict> {
 	 */
 	Map<String, List<DictModel>> queryManyDictByKeys(List<String> dictCodeList, List<String> keys);
 
+    List<DictModel> queryTableDictItemsByCodeAndFilterAndOrderBy(String table, String text, String code, String filterSql, List orderBy);
+
     /**
      * 通过查询指定table的 text code key 获取字典值
      * @param table

jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysDictServiceImpl.java

@@ -13,7 +13,6 @@ import org.jeecg.common.constant.DataBaseConstant;
 import org.jeecg.common.constant.SymbolConstant;
 import org.jeecg.common.exception.JeecgBootException;
 import org.jeecg.common.system.query.QueryGenerator;
-import org.jeecg.common.system.util.JwtUtil;
 import org.jeecg.common.system.util.ResourceUtil;
 import org.jeecg.common.system.vo.DictModel;
 import org.jeecg.common.system.vo.DictModelMany;
@@ -170,6 +169,12 @@ public class SysDictServiceImpl extends ServiceImpl<SysDictMapper, SysDict> impl
 		return sysDictMapper.queryTableDictItemsByCodeAndFilter(table,text,code,filterSql);
 	}
 
+	@Override
+	public List<DictModel> queryTableDictItemsByCodeAndFilterAndOrderBy(String table, String text, String code, String filterSql, List orderByList) {
+		log.debug("无缓存dictTableList的时候调用这里！");
+		return sysDictMapper.queryTableDictItemsByCodeAndFilterAndOrderBy(table,text,code,filterSql,orderByList);
+	}
+
 	/**
 	 * 通过查询指定table的 text code 获取字典值text
 	 * dictTableCache采用redis缓存有效期10分钟
@@ -427,7 +432,13 @@ public class SysDictServiceImpl extends ServiceImpl<SysDictMapper, SysDict> impl
 			//update-end-author:taoyan date:2022-7-4 for: issues/I5BNY9 指定带过滤条件的字典table在生成代码后失效
 			//【issues/3713】字典接口存在SQL注入风险
 			SqlInjectionUtil.filterContent(sqlInjCheck);
-			if (params.length == 4) {
+			if (params.length == 5) {
+				// SQL注入校验（查询条件SQL 特殊check，此方法仅供此处使用）
+				SqlInjectionUtil.specialFilterContentForDictSql(params[3]);
+				String orderByStr = params[4];
+				String[] orderByArray = orderByStr.split("\\|");//排序分隔符
+				ls = this.queryTableDictItemsByCodeAndFilterAndOrderBy(params[0], params[1], params[2], params[3],Arrays.asList(orderByArray));
+			} else if (params.length == 4) {
 				// SQL注入校验（查询条件SQL 特殊check，此方法仅供此处使用）
 				SqlInjectionUtil.specialFilterContentForDictSql(params[3]);
 				ls = this.queryTableDictItemsByCodeAndFilter(params[0], params[1], params[2], params[3]);

pom.xml

@@ -138,6 +138,10 @@
 			<artifactId>pegdown</artifactId>
 			<version>${pegdown.version}</version>
 		</dependency>
+        <dependency>
+            <groupId>org.jeecgframework.boot</groupId>
+            <artifactId>jeecg-boot-base-core</artifactId>
+        </dependency>
 
     </dependencies>