
广东信源bannerList防止sql注入

zhouxin 11 месяцев назад
Родитель
Сommit
f20117afdb

+ 6 - 0
src/main/java/com/palmnest/webapp/controller/notice/WxNoticeController.java

@@ -1610,6 +1610,12 @@ public class WxNoticeController extends BaseFormController{
 			if (StringUtils.isBlank(orgIdParams) || "0".equals(orgIdParams) || "null".equals(orgIdParams)) {
 				orgIdParams = wxUser.getOrganizationId() + "";
 			}
+			/**
+			 * 判断orgId 字符串是否可以转化为int
+			 * 转化异常 存在sql注入
+			 */
+			Integer.parseInt(orgIdParams);
+
 			return AppResultUtil.createSuccesDto(appNoticeManager.finByType(noticeType, positionType, orgIdParams));
 		} catch (Exception e) {
 			log.info("WxNoticeController bannerList Error ==========>:" + e.getMessage());
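Review bot: The result of `Integer.parseInt(orgIdParams);` is discarded and the original string is still what reaches `finByType`, so the query receives anything parseInt tolerates (a leading sign, non-ASCII Unicode digits) rather than a canonical number; `orgIdParams = String.valueOf(Integer.parseInt(orgIdParams));` would pass the normalised value instead. The check also guards this one call site only: if `finByType` concatenates `orgIdParams` into SQL (not visible here), the durable fix is a bound parameter in that query, which would cover its other callers too. A rejected value throws NumberFormatException into the generic `catch (Exception e)`, where `e.getMessage()` writes the raw request input to the log at info level, so a rejected injection attempt is indistinguishable from any other failure. The method and its `try` begin, and the catch body ends, outside the hunk.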