gfwleak/k18-ntcs-web-ntc
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

删除配置删区域IP的时候对前台传入的编译ID进行分割强转数字,以防sql注入。

Browse Source
This commit is contained in:
wangxin
2018-06-14 16:09:17 +08:00
parent c2b16db99a
commit f5d1409dca
1 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/main/java/com/nis/web/service/configuration/IpCfgService.java
View File

@@ -332,13 +332,19 @@ public class IpCfgService extends CrudService<IpCfgDao,BaseIpCfg> {
@Transactional(readOnly=false,rollbackFor=RuntimeException.class) @Transactional(readOnly=false,rollbackFor=RuntimeException.class)
public void deleteIp(String ids,String compileIds,int functionId){ public void deleteIp(String ids,String compileIds,int functionId){
if(StringUtils.isNotBlank(compileIds)){ if(StringUtils.isNotBlank(compileIds)){
for(String compileId:compileIds.split(",")){ for(String compileId:compileIds.split(",")){//强转数字,防止注入
AreaIpCfg area=new AreaIpCfg(); Integer.parseInt(compileId);
area.setCompileId(Integer.parseInt(compileId)); // AreaIpCfg area=new AreaIpCfg();
area.setFunctionId(functionId); // area.setCompileId(Integer.parseInt(compileId));
area.setIsValid(Constants.VALID_DEL); // area.setFunctionId(functionId);
areaIpCfgDao.updateValid(area); // area.setIsValid(Constants.VALID_DEL);
// areaIpCfgDao.updateValid(area);
} }
BaseIpCfg area=new BaseIpCfg();
area.setTableName(AreaIpCfg.getTablename());
area.setCompileId(Integer.parseInt(compileIds));
area.setIsValid(Constants.VALID_DEL);
ipCfgDao.deleteByCompileId(area);
} }
List<BaseIpCfg> ipCfgs=new ArrayList<BaseIpCfg>(); List<BaseIpCfg> ipCfgs=new ArrayList<BaseIpCfg>();
Date date =new Date(); Date date =new Date();