From 472bf3f35a5a5abd94742d1b93b2716cce901525 Mon Sep 17 00:00:00 2001 From: zhangdaiscott Date: Tue, 1 Mar 2022 22:13:54 +0800 Subject: [PATCH] =?UTF-8?q?JeecgBoot=203.1.0=20=E7=89=88=E6=9C=AC=E5=8F=91?= =?UTF-8?q?=E5=B8=83=EF=BC=8C=E5=9F=BA=E4=BA=8E=E4=BB=A3=E7=A0=81=E7=94=9F?= =?UTF-8?q?=E6=88=90=E5=99=A8=E7=9A=84=E4=BC=81=E4=B8=9A=E7=BA=A7=E4=BD=8E?= =?UTF-8?q?=E4=BB=A3=E7=A0=81=E5=B9=B3=E5=8F=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../org/jeecg/modules/system/controller/CommonController.java | 2 +- .../jeecg/modules/system/controller/SysUploadController.java | 2 +- .../src/main/resources/application-sharding.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/CommonController.java b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/CommonController.java index 610ff7b2..796a938d 100644 --- a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/CommonController.java +++ b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/CommonController.java @@ -76,7 +76,7 @@ public class CommonController { String bizPath = request.getParameter("biz"); //LOWCOD-2580 sys/common/upload接口存在任意文件上传漏洞 - if(bizPath.contains("../") || bizPath.contains("..\\")){ + if (oConvertUtils.isNotEmpty(bizPath) && (bizPath.contains("../") || bizPath.contains("..\\"))) { throw new JeecgBootException("上传目录bizPath,格式非法!"); } diff --git a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/SysUploadController.java b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/SysUploadController.java index 7f383aad..300f9037 100644 --- a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/SysUploadController.java +++ b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/SysUploadController.java @@ -37,7 +37,7 @@ public class SysUploadController { String bizPath = request.getParameter("biz"); //LOWCOD-2580 sys/common/upload接口存在任意文件上传漏洞 - if(bizPath.contains("../") || bizPath.contains("..\\")){ + if (oConvertUtils.isNotEmpty(bizPath) && (bizPath.contains("../") || bizPath.contains("..\\"))) { throw new JeecgBootException("上传目录bizPath,格式非法!"); } diff --git a/jeecg-boot/jeecg-cloud-module/jeecg-cloud-test/jeecg-cloud-test-shardingsphere/src/main/resources/application-sharding.yml b/jeecg-boot/jeecg-cloud-module/jeecg-cloud-test/jeecg-cloud-test-shardingsphere/src/main/resources/application-sharding.yml index b58d16c6..3d124e38 100644 --- a/jeecg-boot/jeecg-cloud-module/jeecg-cloud-test/jeecg-cloud-test-shardingsphere/src/main/resources/application-sharding.yml +++ b/jeecg-boot/jeecg-cloud-module/jeecg-cloud-test/jeecg-cloud-test-shardingsphere/src/main/resources/application-sharding.yml @@ -28,7 +28,7 @@ spring: props: strategy: standard # 自定义标准分配算法 - algorithmClassName: org.jeecg.modules.demo.sharding.algorithm.StandardModTableShardAlgorithm + algorithmClassName: org.jeecg.modules.test.sharding.algorithm.StandardModTableShardAlgorithm type: CLASS_BASED tables: # 逻辑表名称