From d04ef5fbd075d8d16bfe167ac032534490d83dc2 Mon Sep 17 00:00:00 2001
From: futian.liu <liufutianyoo@163.com>
Date: 星期三, 06 十二月 2023 14:55:05 +0800
Subject: [PATCH] 修复漏洞
---
consum-base/src/main/java/com/consum/base/controller/UsingFormBackController.java | 40 ++++++++++++++++++++++++++--------------
1 files changed, 26 insertions(+), 14 deletions(-)
diff --git a/consum-base/src/main/java/com/consum/base/controller/UsingFormBackController.java b/consum-base/src/main/java/com/consum/base/controller/UsingFormBackController.java
index a2fe8e1..e6ba5ac 100644
--- a/consum-base/src/main/java/com/consum/base/controller/UsingFormBackController.java
+++ b/consum-base/src/main/java/com/consum/base/controller/UsingFormBackController.java
@@ -1,6 +1,13 @@
package com.consum.base.controller;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
import com.consum.base.BaseController;
+import com.consum.base.core.utils.CommonUtil;
import com.consum.base.core.utils.PageUtil;
import com.consum.base.pojo.query.UsingFormBackQry;
import com.consum.base.pojo.request.UsingFormBackParam;
@@ -8,14 +15,9 @@
import com.consum.base.service.UsingFormBackService;
import com.consum.model.po.FinSysTenantUser;
import com.walker.web.ResponseValue;
+
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
/**
* @author asus
@@ -31,23 +33,30 @@
@Autowired
private UsingFormBackService usingFormBackService;
-
@ApiOperation(value = "閮ㄩ棬鐗╁搧閫�鍥炲崟鏂板鎺ュ彛", notes = "閮ㄩ棬鐗╁搧閫�鍥炲崟鏂板鎺ュ彛")
@PostMapping("/add")
- public ResponseValue add(@RequestBody UsingFormBackParam usingFormBackParam) {
+ public ResponseValue add() {
+ UsingFormBackParam usingFormBackParam = CommonUtil.getObjFromReqBody(UsingFormBackParam.class);
+ UsingFormBackParam param2 = new UsingFormBackParam();
+ CommonUtil.copyProperties(usingFormBackParam, param2);
+ usingFormBackParam = param2;
FinSysTenantUser sysInfo = getSysInfo();
if (sysInfo == null) {
return ResponseValue.error("璇峰厛鐧诲綍");
}
- usingFormBackService.add(usingFormBackParam, sysInfo,this.getCurrentUser());
+ usingFormBackService.add(usingFormBackParam, sysInfo, this.getCurrentUser());
return ResponseValue.success();
}
-
@ApiOperation(value = "閮ㄩ棬鐗╁搧閫�鍥炲崟鏌ヨ鎺ュ彛", notes = "閮ㄩ棬鐗╁搧閫�鍥炲崟鏌ヨ鎺ュ彛")
@GetMapping("/list")
- public ResponseValue query(UsingFormBackQry usingFormBackParam) {
+ public ResponseValue query() {
+ UsingFormBackQry usingFormBackParam = CommonUtil.getObjFromReq(UsingFormBackQry.class);
+ UsingFormBackQry param2 = new UsingFormBackQry();
+ CommonUtil.copyProperties(usingFormBackParam, param2);
+ usingFormBackParam = param2;
+
FinSysTenantUser sysInfo = getSysInfo();
if (sysInfo == null) {
return ResponseValue.error("璇峰厛鐧诲綍");
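Review bot: In add(), the request body is parsed and copied (`CommonUtil.getObjFromReqBody(...)` followed by `CommonUtil.copyProperties(...)`) before the `sysInfo == null` login check, so a caller who is not logged in still has their payload deserialized. Moving `FinSysTenantUser sysInfo = getSysInfo();` and its null check to the top of the method would reject those requests before any client data is touched; whether a filter outside this file already blocks them is not visible here. The result of `getObjFromReqBody` is also used without a null check, so if the helper can return null for an empty or malformed body (its source is not shown), add something like `if (usingFormBackParam == null) { return ResponseValue.error("<message>"); }` before the copy. query() in this hunk and queryListDetail() in the last hunk have the same ordering; query()'s body continues past the end of this hunk.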
@@ -56,7 +65,6 @@
PageUtil page = usingFormBackService.selectPageByList(usingFormBackParam);
return ResponseValue.success(page);
}
-
@ApiOperation(value = "閮ㄩ棬鐗╁搧閫�鍥炲崟璇︽儏鎺ュ彛", notes = "閮ㄩ棬鐗╁搧閫�鍥炲崟璇︽儏鎺ュ彛")
@GetMapping("/detail")
@@ -69,10 +77,14 @@
return ResponseValue.success(detail);
}
-
@ApiOperation(value = "閮ㄩ棬鐗╁搧閫�鍥炴槑缁嗘煡璇㈡帴鍙�", notes = "閮ㄩ棬鐗╁搧閫�鍥炴槑缁嗘煡璇㈡帴鍙�")
@GetMapping("/list/detail")
- public ResponseValue queryListDetail(UsingFormBackQry usingFormBackParam) {
+ public ResponseValue queryListDetail() {
+ UsingFormBackQry usingFormBackParam = CommonUtil.getObjFromReq(UsingFormBackQry.class);
+ UsingFormBackQry param2 = new UsingFormBackQry();
+ CommonUtil.copyProperties(usingFormBackParam, param2);
+ usingFormBackParam = param2;
+
FinSysTenantUser sysInfo = getSysInfo();
if (sysInfo == null) {
return ResponseValue.error("璇峰厛鐧诲綍");
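Review bot: The copy of `usingFormBackParam` into `param2` in queryListDetail() appears to be a property-for-property copy, so every client-supplied value would reach the service unchanged and nothing is validated or restricted by it; this is inferred from the name, since `CommonUtil.copyProperties` is not visible here. If the commit is meant to stop untrusted request data flowing into the query, the fields the service actually uses need explicit checks, and the method should at least carry a comment such as `// NOTE: copy only detaches the request-bound object; it does not validate input` that says where validation happens. Dropping the `@RequestBody` and model-attribute parameters also removes Spring's own binding step, and the Swagger listing no longer shows these inputs, so the helper now has to reject malformed input itself. The same four lines are repeated in add() and query() in the earlier hunk; one private helper would keep the behaviour in a single place. queryListDetail()'s body continues past the end of this hunk.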
--
Gitblit v1.9.1