From c29479a57db73c4dd379788d1b819e716ff7e1c1 Mon Sep 17 00:00:00 2001
From: futian.liu <liufutianyoo@163.com>
Date: 星期二, 28 十一月 2023 10:39:39 +0800
Subject: [PATCH] 参数赋值,漏洞修复

---
 consum-base/src/main/java/com/consum/base/controller/FinSysTenantDepartmentController.java |   44 ++++++++++++++++++++++++++++++++------------
 1 files changed, 32 insertions(+), 12 deletions(-)

diff --git a/consum-base/src/main/java/com/consum/base/controller/FinSysTenantDepartmentController.java b/consum-base/src/main/java/com/consum/base/controller/FinSysTenantDepartmentController.java
index 66393e7..a3e1880 100644
--- a/consum-base/src/main/java/com/consum/base/controller/FinSysTenantDepartmentController.java
+++ b/consum-base/src/main/java/com/consum/base/controller/FinSysTenantDepartmentController.java
@@ -1,6 +1,7 @@
 package com.consum.base.controller;
 
 import com.consum.base.BaseController;
+import com.consum.base.core.utils.CommonUtil;
 import com.consum.base.pojo.FinSysTenantDepartmentParam;
 import com.consum.base.service.FinSysTenantDepartmentServiceImpl;
 import com.consum.model.po.FinSysTenantDepartment;
@@ -17,7 +18,6 @@
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -44,7 +44,12 @@
         @ApiImplicitParam(name = "param", value = "閮ㄩ棬淇℃伅", required = true, dataType = "FinSysTenantDepartmentParam")
     })
     @PostMapping("/add")
-    public ResponseValue add(@RequestBody FinSysTenantDepartmentParam param) {
+    public ResponseValue add() {
+        FinSysTenantDepartmentParam param = CommonUtil.getObjFromReqBody(FinSysTenantDepartmentParam.class);
+        FinSysTenantDepartmentParam finSysTenantDepartmentParam = new FinSysTenantDepartmentParam();
+        CommonUtil.copyProperties(param, finSysTenantDepartmentParam);
+        param = finSysTenantDepartmentParam;
+
         if (StringUtils.isEmpty(param.getName())) {
             return ResponseValue.error("閮ㄩ棬鍚嶇О涓虹┖");
         }
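Review bot: The value returned by `CommonUtil.getObjFromReqBody` is passed straight to `copyProperties` and dereferenced at `param.getName()` without a null check; with `@RequestBody` removed, the framework's own rejection of a missing or unparseable body no longer applies, so whether a null can reach this line depends on how `getObjFromReqBody` behaves, which is not visible in the patch. A guard such as `if (param == null) { return ResponseValue.error(...); }` directly after the read would make the handler's behaviour explicit. The copy into a fresh `FinSysTenantDepartmentParam` followed by `param = finSysTenantDepartmentParam` does not visibly exclude any property, so if this round trip is the vulnerability fix named in the subject, a one-line comment stating what it protects against is needed for the next maintainer. The same four-line preamble is repeated in `queryList`, `edit` and `updateById` below; a private helper would keep the null handling and the rationale in one place.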
@@ -75,7 +80,12 @@
      */
     //濡傛灉涓嶄紶鏈烘瀯id锛岄粯璁ゆ煡鐪佺骇鏈烘瀯鐨勯儴闂�
     @GetMapping("/list")
-    public ResponseValue queryList(FinSysTenantDepartmentParam param) {
+    public ResponseValue queryList() {
+        FinSysTenantDepartmentParam param = CommonUtil.getObjFromReq(FinSysTenantDepartmentParam.class);
+        FinSysTenantDepartmentParam param2 = new FinSysTenantDepartmentParam();
+        CommonUtil.copyProperties(param, param2);
+        param = param2;
+
         FinSysTenantUser sysInfo = this.getSysInfo();
         if (sysInfo == null) {
             return ResponseValue.error("鐧诲綍鐢ㄦ埛淇℃伅涓嶅瓨鍦�");
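Review bot: The local `param2` breaks the naming used by the sibling handlers in this patch (`finSysTenantDepartmentParam`, `finSysTenantDepartment`); renaming it to `finSysTenantDepartmentParam` keeps the four preambles identical and easier to fold into one helper. `queryList` continues past the end of this hunk.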
@@ -107,26 +117,31 @@
      * @Date 2023/10/26
      */
     @PostMapping("/edit")
-    public ResponseValue edit(@RequestBody FinSysTenantDepartment department) {
-        Long id = department.getId();
+    public ResponseValue edit() {
+        FinSysTenantDepartment param = CommonUtil.getObjFromReqBody(FinSysTenantDepartment.class);
+        FinSysTenantDepartment finSysTenantDepartment = new FinSysTenantDepartment();
+        CommonUtil.copyProperties(param, finSysTenantDepartment);
+        param = finSysTenantDepartment;
+
+        Long id = param.getId();
         if (id == null || id <= 0) {
             return ResponseValue.error("缂栬緫鐨勯儴闂ㄤ笉瀛樺湪");
         }
-        if (StringUtils.isEmpty(department.getName())) {
+        if (StringUtils.isEmpty(param.getName())) {
             return ResponseValue.error("閮ㄩ棬鍚嶇О涓虹┖");
         }
-        if (StringUtils.isEmpty(department.getCode())) {
+        if (StringUtils.isEmpty(param.getCode())) {
             return ResponseValue.error("閮ㄩ棬缂栧彿涓虹┖");
         }
         FinSysTenantUser sysInfo = this.getSysInfo();
         if (sysInfo == null) {
             return ResponseValue.error("鐧诲綍鐢ㄦ埛淇℃伅涓嶅瓨鍦�");
         }
-        FinSysTenantDepartment tenantDepartment = this.departmentService.selectByCode(department.getCode());
+        FinSysTenantDepartment tenantDepartment = this.departmentService.selectByCode(param.getCode());
         if (tenantDepartment != null) {
             return ResponseValue.error("閮ㄩ棬缂栧彿宸插瓨鍦�");
         }
-        int num = this.departmentService.updateFinSysTenantDepartment(department, sysInfo);
+        int num = this.departmentService.updateFinSysTenantDepartment(param, sysInfo);
         return num > 0 ? ResponseValue.success() : ResponseValue.error("缂栬緫澶辫触锛�");
     }
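Review bot: The duplicate-code check at `selectByCode(param.getCode())` does not exclude the record being edited, so an edit that keeps the department's current code appears to return the "code already exists" error before `updateFinSysTenantDepartment` is reached; unless `selectByCode` already filters on id (not visible here), the condition should be `if (tenantDepartment != null && !id.equals(tenantDepartment.getId()))`. Separately, the body is bound to the persistence type `FinSysTenantDepartment` and the copied object is handed to the service unchanged, so every column of that entity is client-settable unless the service layer restricts which fields it updates; that restriction, if it exists, is outside this patch and worth a comment on the handler.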
 
@@ -154,15 +169,20 @@
      * @Date 2023/10/26
      */
     @DeleteMapping("/del")
-    public ResponseValue updateById(@RequestBody FinSysTenantDepartment department) {
-        if (department.getId() == null) {
+    public ResponseValue updateById() {
+        FinSysTenantDepartment param = CommonUtil.getObjFromReqBody(FinSysTenantDepartment.class);
+        FinSysTenantDepartment finSysTenantDepartment = new FinSysTenantDepartment();
+        CommonUtil.copyProperties(param, finSysTenantDepartment);
+        param = finSysTenantDepartment;
+
+        if (param.getId() == null) {
             return ResponseValue.error("閮ㄩ棬id涓虹┖");
         }
         FinSysTenantUser sysInfo = this.getSysInfo();
         if (sysInfo == null) {
             return ResponseValue.error("鐧诲綍鐢ㄦ埛淇℃伅涓嶅瓨鍦�");
         }
-        int num = this.departmentService.updateById(department, sysInfo);
+        int num = this.departmentService.updateById(param, sysInfo);
 
         return num > 0 ? ResponseValue.success(1) : ResponseValue.error("鍒犻櫎澶辫触锛�");
     }
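Review bot: The id check `if (param.getId() == null)` accepts zero and negative ids, whereas `edit` in this same patch rejects them with `id == null || id <= 0`; aligning the two, `Long id = param.getId(); if (id == null || id <= 0) { return ResponseValue.error(...); }`, keeps the delete endpoint from calling `updateById` with an id that cannot match a row. The method name `updateById` on a `@DeleteMapping("/del")` whose failure message is a delete error suggests a soft delete; a Javadoc sentence saying so would help, since the method's Javadoc starts above this hunk.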

--
Gitblit v1.9.1