用户导入响应消息对名称安全处理

2 months ago · 9b68013b2a
2 changed files with 37 additions and 1 deletions
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/ExceptionUtil.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/ExceptionUtil.java
@ -36,4 +36,32 @@ public class ExceptionUtil
        }
        return StringUtils.defaultString(msg);
    }
+
+    /**
+     * 检测异常e被触发的原因是不是因为异常cause。
+     * 
+     * @param e 捕获的异常。
+     * @param cause 异常触发原因。
+     * @return 如果异常e是由cause类异常触发，则返回true；否则返回false。
+     */
+    public static boolean isCausedBy(final Throwable e, final Class<? extends Throwable> cause)
+    {
+        if (cause.isAssignableFrom(e.getClass()))
+        {
+            return true;
+        }
+        else
+        {
+            Throwable t = e.getCause();
+            while (t != null && t != e)
+            {
+                if (cause.isAssignableFrom(t.getClass()))
+                {
+                    return true;
+                }
+                t = t.getCause();
+            }
+            return false;
+        }
+    }
 }
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
@ -3,6 +3,7 @@ package com.ruoyi.system.service.impl;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Collectors;
+import javax.validation.ConstraintViolationException;
 import javax.validation.Validator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@ -16,9 +17,11 @@ import com.ruoyi.common.core.domain.entity.SysRole;
 import com.ruoyi.common.core.domain.entity.SysUser;
 import com.ruoyi.common.core.text.Convert;
 import com.ruoyi.common.exception.ServiceException;
+import com.ruoyi.common.utils.ExceptionUtil;
 import com.ruoyi.common.utils.ShiroUtils;
 import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.common.utils.bean.BeanValidators;
+import com.ruoyi.common.utils.html.EscapeUtil;
 import com.ruoyi.common.utils.security.Md5Utils;
 import com.ruoyi.common.utils.spring.SpringUtils;
 import com.ruoyi.system.domain.SysPost;
@ -529,7 +532,12 @@ public class SysUserServiceImpl implements ISysUserService
            catch (Exception e)
            {
                failureNum++;
-                String msg = "<br/>" + failureNum + "、账号 " + user.getLoginName() + " 导入失败：";
+                String loginName = user.getLoginName();
+                if (ExceptionUtil.isCausedBy(e, ConstraintViolationException.class))
+                {
+                    loginName = EscapeUtil.clean(loginName);
+                }
+                String msg = "<br/>" + failureNum + "、账号 " + loginName + " 导入失败：";
                failureMsg.append(msg + e.getMessage());
                log.error(msg, e);
            }