2023年4月15日修复问题

2023-04-15 15:50:14 +08:00 · 2023-04-15 15:50:14 +08:00 · 58be92defa
parent fa70cfcbb1
commit 58be92defa
7 changed files with 73 additions and 9 deletions
--- a/jeecg-module-main/src/main/java/org/jeecg/modules/kc/tktj/entity/KcTingke.java
+++ b/jeecg-module-main/src/main/java/org/jeecg/modules/kc/tktj/entity/KcTingke.java
@ -194,6 +194,22 @@ public class KcTingke implements Serializable {
    private java.lang.String pj;


+    /**
+     * 分页
+     */
+    @TableField(exist = false)
+    private Integer pageSize;

+    /**
+     * 开始时间搜索
+     */
+    @TableField(exist = false)
+    private String startDate;
+
+    /**
+     * 结束时间搜索
+     */
+    @TableField(exist = false)
+    private String endDate;
 //    private java.lang.String tingketime;
 }
--- a/jeecg-module-main/src/main/java/org/jeecg/modules/kc/tktj/mapper/xml/KcTingkeMapper.xml
+++ b/jeecg-module-main/src/main/java/org/jeecg/modules/kc/tktj/mapper/xml/KcTingkeMapper.xml
@ -432,6 +432,7 @@
                </if>
                ORDER BY tk.tingketime DESC
            LIMIT 3
+
            ) tk
        LEFT JOIN (
            SELECT
@ -454,19 +455,33 @@
            ) ev ON tk.ketangbiaoid = ev.ketangbiaoid

        <where>
+            <if test="startDate != null and startDate != ''">
+                and tkrq >= #{startDate}
+            </if>
+            <if test="endDate != null and endDate != ''">
+                and tkrq <![CDATA[<=]]> #{endDate}
+<!--                tkrq &lt;= #{endDate}-->
+            </if>
            <if test="searchInput != null and searchInput != ''">
-                (kcmc like CONCAT('%',searchInput,'%') or skjs like CONCAT('%',searchInput,'%'))
+                and (kcmc like CONCAT('%',#{searchInput},'%') or skjs like CONCAT('%',#{searchInput},'%'))
            </if>
            <if test="pj != null and pj != ''">
                <if test="pj == '0'">
-                    score is null
+                    and score is null
                </if>
                <if test="pj == '1'">
-                    score is not null
+                    and score is not null
                </if>

            </if>
        </where>
+        <if test="pageSize != -1 and pageSize != null">
+            LIMIT #{pageSize}
+        </if>
+        <if test="pageSize != -1 and pageSize != null">
+            LIMIT #{pageSize}
+        </if>
+

    </select>

--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/SysDictMapper.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/SysDictMapper.java
@ -87,7 +87,9 @@ public interface SysDictMapper extends BaseMapper<SysDict> {
 	@Deprecated
 	public List<DictModel> queryTableDictItemsByCodeAndFilter(@Param("table") String table,@Param("text") String text,@Param("code") String code,@Param("filterSql") String filterSql);

-    /**
+	List<DictModel> queryTableDictItemsByCodeAndFilterAndOrderBy(@Param("table") String table,@Param("text") String text,@Param("code") String code,@Param("filterSql") String filterSql, @Param("orderByList") List orderByList);
+
+	/**
     * 通过查询指定table的 text code 获取字典
     * @param table
     * @param key
@ -272,4 +274,5 @@ public interface SysDictMapper extends BaseMapper<SysDict> {
 	 */
 	@InterceptorIgnore(tenantLine = "true")
    List<SysDict> getDictListByLowAppId(@Param("lowAppId") String lowAppId, @Param("tenantId") Integer tenantId);
+
 }
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysDictMapper.xml
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysDictMapper.xml
@ -74,6 +74,19 @@
 			where ${filterSql}
 		</if>
 	</select>
+	<select id="queryTableDictItemsByCodeAndFilterAndOrderBy" resultType="org.jeecg.common.system.vo.DictModel">
+		select ${text} as "text",${code} as "value" from ${table}
+		<if test="filterSql != null and filterSql != ''">
+			where ${filterSql}
+		</if>
+		<if test="orderByList != null and orderByList != ''">
+			<foreach item="item" index="index" collection="orderByList"  open="order by" separator="," close="">
+				#{item}
+			</foreach>
+		</if>
+	</select>
+
+

 	<!--通过查询指定table的 text code key 获取字典值-->
 	<select id="queryTableDictTextByKey" parameterType="String" resultType="String">
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/ISysDictService.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/ISysDictService.java
@ -86,6 +86,8 @@ public interface ISysDictService extends IService<SysDict> {
 	 */
 	Map<String, List<DictModel>> queryManyDictByKeys(List<String> dictCodeList, List<String> keys);

+    List<DictModel> queryTableDictItemsByCodeAndFilterAndOrderBy(String table, String text, String code, String filterSql, List orderBy);
+
    /**
     * 通过查询指定table的 text code key 获取字典值
     * @param table
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysDictServiceImpl.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysDictServiceImpl.java
@ -13,7 +13,6 @@ import org.jeecg.common.constant.DataBaseConstant;
 import org.jeecg.common.constant.SymbolConstant;
 import org.jeecg.common.exception.JeecgBootException;
 import org.jeecg.common.system.query.QueryGenerator;
-import org.jeecg.common.system.util.JwtUtil;
 import org.jeecg.common.system.util.ResourceUtil;
 import org.jeecg.common.system.vo.DictModel;
 import org.jeecg.common.system.vo.DictModelMany;
@ -170,6 +169,12 @@ public class SysDictServiceImpl extends ServiceImpl<SysDictMapper, SysDict> impl
 		return sysDictMapper.queryTableDictItemsByCodeAndFilter(table,text,code,filterSql);
 	}

+	@Override
+	public List<DictModel> queryTableDictItemsByCodeAndFilterAndOrderBy(String table, String text, String code, String filterSql, List orderByList) {
+		log.debug("无缓存dictTableList的时候调用这里！");
+		return sysDictMapper.queryTableDictItemsByCodeAndFilterAndOrderBy(table,text,code,filterSql,orderByList);
+	}
+
 	/**
 	 * 通过查询指定table的 text code 获取字典值text
 	 * dictTableCache采用redis缓存有效期10分钟
@ -427,7 +432,13 @@ public class SysDictServiceImpl extends ServiceImpl<SysDictMapper, SysDict> impl
 			//update-end-author:taoyan date:2022-7-4 for: issues/I5BNY9 指定带过滤条件的字典table在生成代码后失效
 			//【issues/3713】字典接口存在SQL注入风险
 			SqlInjectionUtil.filterContent(sqlInjCheck);
-			if (params.length == 4) {
+			if (params.length == 5) {
+				// SQL注入校验（查询条件SQL 特殊check，此方法仅供此处使用）
+				SqlInjectionUtil.specialFilterContentForDictSql(params[3]);
+				String orderByStr = params[4];
+				String[] orderByArray = orderByStr.split("\\|");//排序分隔符
+				ls = this.queryTableDictItemsByCodeAndFilterAndOrderBy(params[0], params[1], params[2], params[3],Arrays.asList(orderByArray));
+			} else if (params.length == 4) {
 				// SQL注入校验（查询条件SQL 特殊check，此方法仅供此处使用）
 				SqlInjectionUtil.specialFilterContentForDictSql(params[3]);
 				ls = this.queryTableDictItemsByCodeAndFilter(params[0], params[1], params[2], params[3]);
--- a/pom.xml
+++ b/pom.xml
@ -138,8 +138,12 @@
 			<artifactId>pegdown</artifactId>
 			<version>${pegdown.version}</version>
 		</dependency>
+        <dependency>
+            <groupId>org.jeecgframework.boot</groupId>
+            <artifactId>jeecg-boot-base-core</artifactId>
+        </dependency>

-	</dependencies>
+    </dependencies>

 	<dependencyManagement>
 		<dependencies>