From c29479a57db73c4dd379788d1b819e716ff7e1c1 Mon Sep 17 00:00:00 2001
From: futian.liu <liufutianyoo@163.com>
Date: 星期二, 28 十一月 2023 10:39:39 +0800
Subject: [PATCH] 参数赋值,漏洞修复

---
 consum-base/src/main/java/com/consum/base/controller/BaseWarehouseManagerController.java |   11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/consum-base/src/main/java/com/consum/base/controller/BaseWarehouseManagerController.java b/consum-base/src/main/java/com/consum/base/controller/BaseWarehouseManagerController.java
index a5d9f91..3ff82a0 100644
--- a/consum-base/src/main/java/com/consum/base/controller/BaseWarehouseManagerController.java
+++ b/consum-base/src/main/java/com/consum/base/controller/BaseWarehouseManagerController.java
@@ -1,6 +1,7 @@
 package com.consum.base.controller;
 
 import com.consum.base.BaseController;
+import com.consum.base.core.utils.CommonUtil;
 import com.consum.base.pojo.request.WarehouseManagerParam;
 import com.consum.base.service.BaseWarehouseManagerServiceImpl;
 import com.consum.model.po.BaseWarehouseManager;
@@ -13,7 +14,6 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -39,12 +39,17 @@
     @ApiOperation(value = "鏂板", notes = "鏂板")
     @ApiImplicitParam(name = "warehouseManagerParam", value = "搴撶鍛樹俊鎭�", required = true, dataType = "WarehouseManagerParam", paramType = "body")
     @PostMapping("/save")
-    public ResponseValue add(@RequestBody WarehouseManagerParam warehouseManagerParam) throws Exception {
+    public ResponseValue add() throws Exception {
+        WarehouseManagerParam param = CommonUtil.getObjFromReqBody(WarehouseManagerParam.class);
+        WarehouseManagerParam baseWarehouseParam = new WarehouseManagerParam();
+        CommonUtil.copyProperties(param, baseWarehouseParam);
+        param = baseWarehouseParam;
+
         FinSysTenantUser sysInfo = this.getSysInfo();
         if (sysInfo == null) {
             return ResponseValue.error("璇峰厛鐧诲綍");
         }
-        this.baseWarehouseManagerService.add(warehouseManagerParam);
+        this.baseWarehouseManagerService.add(param);
         return ResponseValue.success();
     }
 
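Review bot: In `add()` the request body is read and deserialized by `CommonUtil.getObjFromReqBody(WarehouseManagerParam.class)` before the `getSysInfo()` login check, so a caller who is not logged in still gets the payload parsed; the `if (sysInfo == null)` block should move to the top of the method, ahead of any body handling. The copy target `baseWarehouseParam` is a second instance of the same `WarehouseManagerParam` class, so unless `CommonUtil.copyProperties` filters fields (its code is not visible here) the copy does not narrow which client-supplied properties reach `baseWarehouseManagerService.add`; if the aim is to stop over-posting, an explicit allow-list of fields or server-side validation of the values would do that. The hunk also does not show whether `getObjFromReqBody` can return null for an empty or malformed body, so a null guard on `param` before `copyProperties` is worth adding. The `@ApiImplicitParam(name = "warehouseManagerParam", ...)` annotation now documents a parameter the signature no longer has.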

--
Gitblit v1.9.1