From bc11ec0e6b09d1da34abd970a2acf7b461127eca Mon Sep 17 00:00:00 2001
From: Pu Zhibing <393733352@qq.com>
Date: 星期二, 16 九月 2025 15:19:12 +0800
Subject: [PATCH] 修改安全漏洞

---
 management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TCarController.java |   23 +++++++++++++++++++----
 1 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TCarController.java b/management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TCarController.java
index 2f13bf5..014330d 100644
--- a/management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TCarController.java
+++ b/management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TCarController.java
@@ -4,12 +4,10 @@
 import com.baomidou.mybatisplus.plugins.Page;
 import com.stylefeng.guns.core.base.controller.BaseController;
 import com.stylefeng.guns.core.base.tips.ErrorTip;
+import com.stylefeng.guns.core.base.tips.SuccessTip;
 import com.stylefeng.guns.core.common.constant.factory.PageFactory;
 import com.stylefeng.guns.core.shiro.ShiroKit;
-import com.stylefeng.guns.core.util.DateUtil;
-import com.stylefeng.guns.core.util.ExcelExportUtil;
-import com.stylefeng.guns.core.util.SinataUtil;
-import com.stylefeng.guns.core.util.WoUtil;
+import com.stylefeng.guns.core.util.*;
 import com.stylefeng.guns.modular.system.dao.CarInsuranceMapper;
 import com.stylefeng.guns.modular.system.model.*;
 import com.stylefeng.guns.modular.system.service.*;
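Review bot: The wildcard `import com.stylefeng.guns.core.util.*;` replaces four explicit imports, apparently only to bring `ToolUtil` into scope for the new checks. Together with the existing `model.*` and `service.*` wildcards, it makes it harder to see which utility classes this controller depends on and raises the chance of a name clash. I would keep the four explicit imports and add `import com.stylefeng.guns.core.util.ToolUtil;` (package presumed from this hunk; confirm).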
@@ -361,6 +359,14 @@
     @RequestMapping(value = "/add")
     @ResponseBody
     public Object add(TCar tCar,@RequestParam String serverBox,Integer roleType,Integer companyType,Integer oneId,Integer twoId,Integer franchiseeId,String zcModel,String kcModel) {
+        String carPhoto = tCar.getCarPhoto();
+        if(ToolUtil.isNotEmpty(carPhoto) && !carPhoto.contains("png") && !carPhoto.contains("jpg")){
+            return new SuccessTip(500,"请上传png/jpg格式的车辆照片!");
+        }
+        String drivingLicensePhoto = tCar.getDrivingLicensePhoto();
+        if(ToolUtil.isNotEmpty(drivingLicensePhoto) && !drivingLicensePhoto.contains("png") && !drivingLicensePhoto.contains("jpg")){
+            return new SuccessTip(500,"请上传png/jpg格式的行驶证照片!");
+        }
         if (1 == roleType){  //平台
             if (2 == companyType.intValue()){
                 if (SinataUtil.isNotEmpty(oneId)){
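Review bot: The new photo checks in add() use `contains("png")` / `contains("jpg")`, which match those letters anywhere in the submitted string, so a value whose real extension is something else still passes, while `.PNG` or `.JPG` is rejected. Compare the end of the value case-insensitively instead, and put the test in one helper, because the same lines are repeated in the update() hunk further down. The rejection is also returned as `SuccessTip(500, …)` although `ErrorTip` is already imported in this file. A check on the submitted string says nothing about the bytes that were actually uploaded, so the upload handler (not part of this diff) still needs its own type validation. add() continues outside the hunk.

```java
// shared by add() and update()
private static boolean hasAllowedImageExtension(String photo) {
    // NOTE(review): assumes the field holds one file name or URL with no query string; confirm
    String lower = photo.toLowerCase(java.util.Locale.ROOT);
    return lower.endsWith(".png") || lower.endsWith(".jpg");
}

// … inside add(), and likewise inside update() …
String carPhoto = tCar.getCarPhoto();
if (ToolUtil.isNotEmpty(carPhoto) && !hasAllowedImageExtension(carPhoto)) {
    return new ErrorTip(500, "请上传png/jpg格式的车辆照片!");
}
String drivingLicensePhoto = tCar.getDrivingLicensePhoto();
if (ToolUtil.isNotEmpty(drivingLicensePhoto) && !hasAllowedImageExtension(drivingLicensePhoto)) {
    return new ErrorTip(500, "请上传png/jpg格式的行驶证照片!");
}
// … unchanged: roleType / companyType handling …
```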
@@ -400,6 +406,7 @@
         }
         tCar.setInsertTime(new Date());
         tCar.setState(1);
+
         tCarService.insert(tCar);
 
         //添加经营业务
@@ -443,6 +450,14 @@
     @RequestMapping(value = "/update")
     @ResponseBody
     public Object update(TCar tCar,@RequestParam String serverBox,Integer roleType,Integer companyType,Integer oneId,Integer twoId,Integer franchiseeId,String zcModel,String kcModel) {
+        String carPhoto = tCar.getCarPhoto();
+        if(ToolUtil.isNotEmpty(carPhoto) && !carPhoto.contains("png") && !carPhoto.contains("jpg")){
+            return new SuccessTip(500,"请上传png/jpg格式的车辆照片!");
+        }
+        String drivingLicensePhoto = tCar.getDrivingLicensePhoto();
+        if(ToolUtil.isNotEmpty(drivingLicensePhoto) && !drivingLicensePhoto.contains("png") && !drivingLicensePhoto.contains("jpg")){
+            return new SuccessTip(500,"请上传png/jpg格式的行驶证照片!");
+        }
         if (1 == roleType){  //平台
             if (2 == companyType.intValue()){
                 if (SinataUtil.isNotEmpty(oneId)){

--
Gitblit v1.7.1