From bc11ec0e6b09d1da34abd970a2acf7b461127eca Mon Sep 17 00:00:00 2001
From: Pu Zhibing <393733352@qq.com>
Date: 星期二, 16 九月 2025 15:19:12 +0800
Subject: [PATCH] 修改安全漏洞

---
 management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TDriverController.java |   38 +++++++++++++++++++++++++++++++++++++-
 1 files changed, 37 insertions(+), 1 deletions(-)

diff --git a/management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TDriverController.java b/management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TDriverController.java
index 2eac5a1..37cb1d2 100644
--- a/management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TDriverController.java
+++ b/management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TDriverController.java
@@ -9,6 +9,7 @@
 import com.stylefeng.guns.core.log.LogObjectHolder;
 import com.stylefeng.guns.core.shiro.ShiroKit;
 import com.stylefeng.guns.core.shiro.ShiroUser;
+import com.stylefeng.guns.core.util.ToolUtil;
 import com.stylefeng.guns.modular.system.controller.resp.TDriverCommissionResp;
 import com.stylefeng.guns.modular.system.controller.resp.TDriverResp;
 import com.stylefeng.guns.modular.system.controller.util.ExcelUtil;
@@ -19,6 +20,7 @@
 import com.stylefeng.guns.modular.system.enums.UserTypeEnum;
 import com.stylefeng.guns.modular.system.model.*;
 import com.stylefeng.guns.modular.system.service.*;
+import com.stylefeng.guns.modular.system.util.AESUtil;
 import com.stylefeng.guns.modular.system.util.DateUtil;
 import com.stylefeng.guns.modular.system.util.RedisUtil;
 //import com.stylefeng.guns.modular.system.util.bank.BankUtil;
@@ -360,6 +362,9 @@
         List<TDriver> tDrivers = tDriverService.selectList(wrapper);
         List<TDriverResp> tDriverResp = tDriverService.getTDriverResp(tDrivers);
         for (TDriverResp driverResp : tDriverResp) {
+            driverResp.setIdcard(AESUtil.encrypt(driverResp.getIdcard()));
+            driverResp.setName(AESUtil.encrypt(driverResp.getName()));
+            driverResp.setPhone(AESUtil.encrypt(driverResp.getPhone()));
             TDriverWork tDriverWork = tDriverWorkService.selectOne(new EntityWrapper<TDriverWork>()
                     .eq("driverId", driverResp.getId())
                     .orderBy("workTime", false)
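Review bot: The three added `AESUtil.encrypt(...)` calls pass `getIdcard()`, `getName()` and `getPhone()` straight through, and nothing visible here shows that `AESUtil.encrypt` accepts null, so a driver row with a missing field could fail the whole list request; guard each call, e.g. `if (driverResp.getPhone() != null) driverResp.setPhone(AESUtil.encrypt(driverResp.getPhone()));`. The one-argument call also suggests the key is fixed inside `AESUtil`. If the page decrypts these values in the browser, the key has to ship to the client and the fields are obfuscated rather than protected, so server-side masking of ID-card and phone numbers would be the stronger control for a list view. The enclosing method and the `selectOne(...)` statement both continue outside this hunk.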
@@ -575,7 +580,22 @@
     @RequestMapping(value = "/add")
     @ResponseBody
     public Object add(TDriver tDriver) {
-
+        String avatar = tDriver.getAvatar();
+        if(ToolUtil.isNotEmpty(avatar) && !avatar.contains("png") && !avatar.contains("jpg")){
+            return new SuccessTip(500,"请上传png/jpg格式的头像图片!");
+        }
+        String driverLicense = tDriver.getDriverLicense();
+        if(ToolUtil.isNotEmpty(driverLicense) && !driverLicense.contains("png") && !driverLicense.contains("jpg")){
+            return new SuccessTip(500,"请上传png/jpg格式的驾驶证照片!");
+        }
+        String idcardFront = tDriver.getIdcardFront();
+        if(ToolUtil.isNotEmpty(idcardFront) && !idcardFront.contains("png") && !idcardFront.contains("jpg")){
+            return new SuccessTip(500,"请上传png/jpg格式的身份证正面照!");
+        }
+        String idcardBack = tDriver.getIdcardBack();
+        if(ToolUtil.isNotEmpty(idcardBack) && !idcardBack.contains("png") && !idcardBack.contains("jpg")){
+            return new SuccessTip(500,"请上传png/jpg格式的身份证背面照!");
+        }
         int count = tDriverService.selectCount(new EntityWrapper<TDriver>().eq("phone", tDriver.getPhone()));
         if(count>0){
             return new SuccessTip(500,"该司机已存在!");
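Review bot: The `contains("png")` / `contains("jpg")` tests added to `add` match the substring anywhere in the value and are case-sensitive, so any name that merely contains `png` passes whatever its real extension, while `photo.PNG` or `photo.jpeg` is rejected. Compare the final extension, ignoring case; if these values can carry a query string, strip it first. The fields appear to hold references to files that were already uploaded, so this is only a string check, and the file content itself should be verified in the upload handler. The same four checks are repeated verbatim in the `update` hunk that follows, so a shared helper would keep the two in step. The body of `add` continues outside this hunk.

```java
// Shared by add() and update(); compares only the final extension, ignoring case.
private static boolean hasImageExtension(String value) {
    int dot = value.lastIndexOf('.');
    if (dot < 0) {
        return false;
    }
    String ext = value.substring(dot + 1);
    return "png".equalsIgnoreCase(ext) || "jpg".equalsIgnoreCase(ext);
}

public Object add(TDriver tDriver) {
    String avatar = tDriver.getAvatar();
    if (ToolUtil.isNotEmpty(avatar) && !hasImageExtension(avatar)) {
        // … unchanged: return new SuccessTip(500, …) …
    }
    // … unchanged: the same test for driverLicense, idcardFront and idcardBack, then the duplicate-phone check …
```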
@@ -677,6 +697,22 @@
     @RequestMapping(value = "/update")
     @ResponseBody
     public Object update(TDriver tDriver) {
+        String avatar = tDriver.getAvatar();
+        if(ToolUtil.isNotEmpty(avatar) && !avatar.contains("png") && !avatar.contains("jpg")){
+            return new SuccessTip(500,"请上传png/jpg格式的头像图片!");
+        }
+        String driverLicense = tDriver.getDriverLicense();
+        if(ToolUtil.isNotEmpty(driverLicense) && !driverLicense.contains("png") && !driverLicense.contains("jpg")){
+            return new SuccessTip(500,"请上传png/jpg格式的驾驶证照片!");
+        }
+        String idcardFront = tDriver.getIdcardFront();
+        if(ToolUtil.isNotEmpty(idcardFront) && !idcardFront.contains("png") && !idcardFront.contains("jpg")){
+            return new SuccessTip(500,"请上传png/jpg格式的身份证正面照!");
+        }
+        String idcardBack = tDriver.getIdcardBack();
+        if(ToolUtil.isNotEmpty(idcardBack) && !idcardBack.contains("png") && !idcardBack.contains("jpg")){
+            return new SuccessTip(500,"请上传png/jpg格式的身份证背面照!");
+        }
         TDriver driver = tDriverService.selectOne(new EntityWrapper<TDriver>().eq("phone", tDriver.getPhone())
                 .last("LIMIT 1"));
         if(Objects.nonNull(driver) && !tDriver.getId().equals(driver.getId())){

--
Gitblit v1.7.1