From c24cd14fd700b2846623d0c3e9683adb30c7062b Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期四, 27 五月 2021 17:55:05 +0800
Subject: [PATCH] 修复两处存在SQL注入漏洞问题

---
 src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java b/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
index 9ca64c5..2cb8577 100644
--- a/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
+++ b/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
@@ -66,6 +66,7 @@
     @Before("dataScopePointCut()")
     public void doBefore(JoinPoint point) throws Throwable
     {
+        clearDataScope(point);
         handleDataScope(point);
     }
 
@@ -166,4 +167,17 @@
         }
         return null;
     }
+
+    /**
+     * 鎷兼帴鏉冮檺sql鍓嶅厛娓呯┖params.dataScope鍙傛暟闃叉娉ㄥ叆
+     */
+    private void clearDataScope(final JoinPoint joinPoint)
+    {
+        Object params = joinPoint.getArgs()[0];
+        if (StringUtils.isNotNull(params) && params instanceof BaseEntity)
+        {
+            BaseEntity baseEntity = (BaseEntity) params;
+            baseEntity.getParams().put(DATA_SCOPE, "");
+        }
+    }
 }

--
Gitblit v1.9.3