From e6e6902e853bc7b036078415b30014983880c15e Mon Sep 17 00:00:00 2001
From: zhangdaiscott
Date: Sat, 22 Jul 2023 11:24:00 +0800
Subject: [PATCH] =?UTF-8?q?[issues/5134]=20duplicate/check=20Sql=E6=B3=84?= =?UTF-8?q?=E9=9C=B2=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../controller/DuplicateCheckController.java | 22 ++++++++++++++-----
 1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
index 187b5904..c6dc9a37 100644
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
@@ -9,6 +9,7 @@ import org.jeecg.common.util.SqlInjectionUtil;
 import org.jeecg.modules.system.mapper.SysDictMapper;
 import org.jeecg.modules.system.model.DuplicateCheckVo;
 import org.jeecg.modules.system.security.DictQueryBlackListHandler;
+import org.mybatis.spring.MyBatisSystemException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -68,13 +69,22 @@ public class DuplicateCheckController {
 }
 //update-end-author:taoyan date:20220329 for: VUEN-223【安全漏洞】当前被攻击的接口
 // update-end-author:taoyan date:20211227 for: JTC-25 【online报表】oracle 操作问题 录入弹框啥都不填直接保存 ①编码不是应该提示必填么?②报错也应该是具体文字提示,不是后台错误日志
- if (StringUtils.isNotBlank(duplicateCheckVo.getDataId())) {
- // [2].编辑页面校验
- num = sysDictMapper.duplicateCheckCountSql(duplicateCheckVo);
- } else {
- // [1].添加页面校验
- num = sysDictMapper.duplicateCheckCountSqlNoDataId(duplicateCheckVo);
+
+ // update-begin-author:liusq date:20230721 for: [issues/5134] duplicate/check Sql泄露问题
+ try{
+ if (StringUtils.isNotBlank(duplicateCheckVo.getDataId())) {
+ // [2].编辑页面校验
+ num = sysDictMapper.duplicateCheckCountSql(duplicateCheckVo);
+ } else {
+ // [1].添加页面校验
+ num = sysDictMapper.duplicateCheckCountSqlNoDataId(duplicateCheckVo);
+ }
+ }catch(MyBatisSystemException e){
+ log.error(e.getMessage(), e);
+ String errorCause = "查询异常,请检查唯一校验的配置!";
+ return Result.error(errorCause);
 }
+ // update-end-author:liusq date:20230721 for: [issues/5134] duplicate/check Sql泄露问题
 
 if (num == null || num == 0) {
 // 该值可用
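Review bot: The new catch around the two `sysDictMapper` calls names only `MyBatisSystemException`, which looks narrower than the failures this endpoint can hit. With mybatis-spring, a failure whose root cause is a `SQLException` (for example a bad table or column name in the check configuration) is normally translated into a Spring `DataAccessException` subclass such as `BadSqlGrammarException`, whose message carries the SQL text, and that would bypass this handler. Since `MyBatisSystemException` is itself a `DataAccessException`, catching the parent — `}catch(DataAccessException e){` with `import org.springframework.dao.DataAccessException;` — would cover both paths while keeping the generic message. Whether the uncaught case still reaches the client depends on the exception handling elsewhere in the controller, which is outside this hunk, as are the method's start and end.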