| src/main/java/com/ruoyi/common/constant/Constants.java | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 | |
| src/main/java/com/ruoyi/project/monitor/controller/SysJobController.java | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 |
src/main/java/com/ruoyi/common/constant/Constants.java
@@ -148,4 +148,10 @@ * LDAP 远程方法调用 */ public static final String LOOKUP_LDAP = "ldap://"; /** * 定时任务违规的字符 */ public static final String[] JOB_ERROR_STR = { "java.net.URL", "javax.naming.InitialContext", "org.yaml.snakeyaml", "org.springframework.jndi" }; } src/main/java/com/ruoyi/project/monitor/controller/SysJobController.java
@@ -96,6 +96,10 @@ { return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'http(s)//'调用"); } else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), Constants.JOB_ERROR_STR)) { return error("新增任务'" + job.getJobName() + "'失败,目标字符串存在违规"); } job.setCreateBy(getUsername()); return toAjax(jobService.insertJob(job)); } @@ -124,6 +128,10 @@ { return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'http(s)//'调用"); } else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), Constants.JOB_ERROR_STR)) { return error("修改任务'" + job.getJobName() + "'失败,目标字符串存在违规"); } job.setUpdateBy(getUsername()); return toAjax(jobService.updateJob(job)); }
