用户导入响应消息对名称安全处理

2025-12-15 13:43:59 +08:00 · 2024-09-13 21:15:32 +08:00
parent 4bf6a74a09
commit a43af874d8
2 changed files with 37 additions and 1 deletions
--- a/src/main/java/com/ruoyi/common/utils/ExceptionUtil.java
+++ b/src/main/java/com/ruoyi/common/utils/ExceptionUtil.java
@@ -37,4 +37,32 @@ public class ExceptionUtil
        }
        return StringUtils.defaultString(msg);
    }
+
+    /**
+     * 检测异常e被触发的原因是不是因为异常cause。
+     * 
+     * @param e 捕获的异常。
+     * @param cause 异常触发原因。
+     * @return 如果异常e是由cause类异常触发，则返回true；否则返回false。
+     */
+    public static boolean isCausedBy(final Throwable e, final Class<? extends Throwable> cause)
+    {
+        if (cause.isAssignableFrom(e.getClass()))
+        {
+            return true;
+        }
+        else
+        {
+            Throwable t = e.getCause();
+            while (t != null && t != e)
+            {
+                if (cause.isAssignableFrom(t.getClass()))
+                {
+                    return true;
+                }
+                t = t.getCause();
+            }
+            return false;
+        }
+    }
 }
--- a/src/main/java/com/ruoyi/project/system/user/service/UserServiceImpl.java
+++ b/src/main/java/com/ruoyi/project/system/user/service/UserServiceImpl.java
@@ -3,6 +3,7 @@ package com.ruoyi.project.system.user.service;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Collectors;
+import javax.validation.ConstraintViolationException;
 import javax.validation.Validator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -13,9 +14,11 @@ import org.springframework.util.CollectionUtils;
 import com.ruoyi.common.constant.UserConstants;
 import com.ruoyi.common.exception.ServiceException;
 import com.ruoyi.common.utils.DateUtils;
+import com.ruoyi.common.utils.ExceptionUtil;
 import com.ruoyi.common.utils.Md5Utils;
 import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.common.utils.bean.BeanValidators;
+import com.ruoyi.common.utils.html.EscapeUtil;
 import com.ruoyi.common.utils.security.ShiroUtils;
 import com.ruoyi.common.utils.spring.SpringUtils;
 import com.ruoyi.common.utils.text.Convert;
@@ -543,7 +546,12 @@ public class UserServiceImpl implements IUserService
            catch (Exception e)
            {
                failureNum++;
-                String msg = "<br/>" + failureNum + "、账号 " + user.getLoginName() + " 导入失败：";
+                String loginName = user.getLoginName();
+                if (ExceptionUtil.isCausedBy(e, ConstraintViolationException.class))
+                {
+                    loginName = EscapeUtil.clean(loginName);
+                }
+                String msg = "<br/>" + failureNum + "、账号 " + loginName + " 导入失败：";
                failureMsg.append(msg + e.getMessage());
                log.error(msg, e);
            }