修改漏洞问题-pc端已测试完成
@@ -737,7 +737,9 @@ public class ESJobSearchImpl implements IESJobSearchService
|
||||
}
|
||||
|
||||
BeanUtils.copyBeanProp(esJobDocument, job);
|
||||
esJobDocument.setAppJobUrl("https://www.xjksly.cn/app#/packageA/pages/post/post?jobId="+ Base64.getEncoder().encodeToString(String.valueOf(job.getJobId()).getBytes()));
|
||||
if (job != null && job.getJobId() != null) {
|
||||
esJobDocument.setAppJobUrl("https://www.xjksly.cn/app#/packageA/pages/post/post?jobId="+ Base64.getEncoder().encodeToString(String.valueOf(job.getJobId()).getBytes()));
|
||||
}
|
||||
if(!StringUtil.isEmptyOrNull(job.getScale())){
|
||||
esJobDocument.setScale(Integer.valueOf(job.getScale()));
|
||||
}else {
|
||||
|
||||
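Review bot: The new `job != null` guard around `setAppJobUrl` does not match the lines around it. `BeanUtils.copyBeanProp(esJobDocument, job)` runs before the guard and `job.getScale()` is dereferenced right after it, so a null `job` would still fail on the next statement. Either reject a null `job` once at the top of the enclosing block, which starts outside this hunk, or reduce the condition to `if (job.getJobId() != null)`. Base64-encoding the id only changes how it is written, so whatever serves this URL presumably still needs its own authorization check for the requested job. `getBytes()` would be more explicit as `getBytes(StandardCharsets.UTF_8)`.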
@@ -102,14 +102,21 @@ public class FileServiceImpl extends ServiceImpl<FileMapper, File> implements IF
|
||||
|
||||
try {
|
||||
// 创建上传目录
|
||||
java.io.File dir = new java.io.File(uploadDir);
|
||||
java.io.File dir = new java.io.File(uploadDir).getCanonicalFile();
|
||||
if (!dir.exists()) {
|
||||
dir.mkdirs();
|
||||
}
|
||||
|
||||
// 生成唯一的文件名
|
||||
String fileName = UUID.randomUUID().toString() + "_" + file.getOriginalFilename();
|
||||
Path filePath = Paths.get(uploadDir, fileName);
|
||||
|
||||
Path basePath = Paths.get(getCanonicalPath(uploadDir)).normalize();
|
||||
Path filePath = basePath.resolve(fileName).normalize();
|
||||
|
||||
if (!filePath.startsWith(basePath)) {
|
||||
throw new SecurityException("非法路径,禁止访问");
|
||||
}
|
||||
|
||||
|
||||
// 保存文件到服务器
|
||||
Files.copy(file.getInputStream(), filePath);
|
||||
@@ -138,14 +145,20 @@ public class FileServiceImpl extends ServiceImpl<FileMapper, File> implements IF
|
||||
|
||||
try {
|
||||
// 创建上传目录
|
||||
java.io.File dir = new java.io.File(uploadDir);
|
||||
java.io.File dir = new java.io.File(uploadDir).getCanonicalFile();
|
||||
if (!dir.exists()) {
|
||||
dir.mkdirs();
|
||||
}
|
||||
|
||||
// 生成唯一的文件名
|
||||
String fileName = UUID.randomUUID().toString() + "_" + file.getOriginalFilename();
|
||||
Path filePath = Paths.get(uploadDir, fileName);
|
||||
|
||||
Path basePath = Paths.get(getCanonicalPath(uploadDir)).normalize();
|
||||
Path filePath = basePath.resolve(fileName).normalize();
|
||||
|
||||
if (!filePath.startsWith(basePath)) {
|
||||
throw new SecurityException("非法路径,禁止访问");
|
||||
}
|
||||
|
||||
// 保存文件到服务器
|
||||
Files.copy(file.getInputStream(), filePath);
|
||||
@@ -171,4 +184,12 @@ public class FileServiceImpl extends ServiceImpl<FileMapper, File> implements IF
|
||||
this.save(file);
|
||||
return file;
|
||||
}
|
||||
|
||||
private String getCanonicalPath(String path) {
|
||||
try {
|
||||
return new java.io.File(path).getCanonicalPath();
|
||||
} catch (Exception e) {
|
||||
return path;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
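Review bot: `file.getOriginalFilename()` is client-supplied and is still concatenated into `fileName` unchanged in both upload hunks, so the `startsWith(basePath)` check is the only control on it. Reducing the name to its last segment first, after a null/empty check, also handles names that contain a separator or are null: `String original = Paths.get(file.getOriginalFilename()).getFileName().toString();`. If files in this directory can be served back, an extension allow-list is worth adding. The new `getCanonicalPath` helper catches `Exception` and returns the raw `path`, which hides a canonicalization failure. `dir` is already canonical two lines earlier, so `Path basePath = dir.toPath();` would let the helper be removed and keep the failure inside the existing `try`. The `catch` for that `try` is outside these hunks, so confirm the `SecurityException` is not swallowed or reported as a successful upload.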
@@ -160,8 +160,11 @@ public class JobServiceImpl extends ServiceImpl<JobMapper,Job> implements IJobSe
|
||||
"&types=190000&city=" + encodedCity + "&output=JSON";
|
||||
String requestUrl = AMAP_URL + "?" + params;
|
||||
|
||||
// 发送HTTP请求
|
||||
URL url = new URL(requestUrl);
|
||||
String protocol = url.getProtocol();
|
||||
if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
|
||||
throw new SecurityException("非法请求,仅支持HTTP/HTTPS协议");
|
||||
}
|
||||
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
|
||||
connection.setRequestMethod("GET");
|
||||
|
||||
@@ -416,10 +419,12 @@ public class JobServiceImpl extends ServiceImpl<JobMapper,Job> implements IJobSe
|
||||
//传递job消息不完整
|
||||
parmJob=jobMapper.getJobInfo(job.getJobId());
|
||||
}
|
||||
List<AppUser> users=companyCollectionMapper.selectAppuserList(parmJob.getCompanyId());
|
||||
if(users!=null&&users.size()>0){
|
||||
List<Notice> notices= NoticeUtils.createGwsxNotice(users,parmJob);
|
||||
noticeMapper.batchInsert(notices);
|
||||
if (parmJob != null) {
|
||||
List<AppUser> users=companyCollectionMapper.selectAppuserList(parmJob.getCompanyId());
|
||||
if(users!=null&&users.size()>0){
|
||||
List<Notice> notices= NoticeUtils.createGwsxNotice(users,parmJob);
|
||||
noticeMapper.batchInsert(notices);
|
||||
}
|
||||
}
|
||||
}else {
|
||||
job.setPostingDate(null);
|
||||
|
||||
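Review bot: The scheme check added before `url.openConnection()` does not limit where the request can go, because it inspects only `url.getProtocol()`. In the visible lines the scheme and host come entirely from `AMAP_URL`, and the only variable part, `encodedCity`, sits in the query string. If `AMAP_URL` is a constant (its declaration is outside this hunk), the check can never fail and should not be counted as an SSRF control. If it is configurable, the host needs pinning as well, for example by comparing `url.getHost()` with the expected map-service host. A comment such as `// AMAP_URL is a fixed constant; only the query string varies` above the check would record that assumption. In the second hunk, the `parmJob != null` guard skips the notices silently; a warning log on that path would make a missing job visible.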
@@ -13,12 +13,16 @@ import com.ruoyi.common.utils.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.security.SecureRandom;
|
||||
import java.util.*;
|
||||
|
||||
@Service
|
||||
public class StaticsqueryServiceImpl extends ServiceImpl<StaticsMapper, Statics> implements StaticsqueryService {
|
||||
@Autowired
|
||||
private StaticsMapper staticsMapper;
|
||||
|
||||
private static final SecureRandom SECURE_RANDOM = new SecureRandom();
|
||||
|
||||
@Override
|
||||
public Map<String, Object> industry(Staticsquery staticsquery) {
|
||||
HashMap<String, Object> result = new HashMap<>();
|
||||
@@ -155,11 +159,11 @@ public class StaticsqueryServiceImpl extends ServiceImpl<StaticsMapper, Statics>
|
||||
if (granularity.equals("quarter")) baseValue = 300;
|
||||
if (granularity.equals("year")) baseValue = 1200;
|
||||
|
||||
int variation = (int)(baseValue * 0.2 * (Math.random() - 0.5));
|
||||
int variation = (int) (baseValue * 0.2 * (SECURE_RANDOM.nextDouble() - 0.5));
|
||||
stat.setData(String.valueOf(baseValue + variation));
|
||||
} else {
|
||||
double baseRate = 0.05;
|
||||
double variation = 0.01 * (Math.random() - 0.5);
|
||||
double variation = 0.01 * (SECURE_RANDOM.nextDouble() - 0.5);
|
||||
stat.setData(String.format("%.2f", baseRate + variation));
|
||||
}
|
||||
|
||||
@@ -222,11 +226,11 @@ public class StaticsqueryServiceImpl extends ServiceImpl<StaticsMapper, Statics>
|
||||
if (granularity.equals("quarter")) baseValue = 300;
|
||||
if (granularity.equals("year")) baseValue = 1200;
|
||||
|
||||
int variation = (int)(baseValue * 0.2 * (Math.random() - 0.5));
|
||||
int variation = (int) (baseValue * 0.2 * (SECURE_RANDOM.nextDouble() - 0.5));
|
||||
stat.setData(String.valueOf(baseValue + variation));
|
||||
} else {
|
||||
double baseRate = 0.05;
|
||||
double variation = 0.01 * (Math.random() - 0.5);
|
||||
double variation = 0.01 * (SECURE_RANDOM.nextDouble() - 0.5);
|
||||
stat.setData(String.format("%.2f", baseRate + variation));
|
||||
}
|
||||
|
||||
@@ -294,11 +298,11 @@ public class StaticsqueryServiceImpl extends ServiceImpl<StaticsMapper, Statics>
|
||||
if (granularity.equals("quarter")) baseValue = 300;
|
||||
if (granularity.equals("year")) baseValue = 1200;
|
||||
|
||||
int variation = (int)(baseValue * 0.2 * (Math.random() - 0.5));
|
||||
int variation = (int) (baseValue * 0.2 * (SECURE_RANDOM.nextDouble() - 0.5));
|
||||
stat.setData(String.valueOf(baseValue + variation));
|
||||
} else {
|
||||
double baseRate = 0.05;
|
||||
double variation = 0.01 * (Math.random() - 0.5);
|
||||
double variation = 0.01 * (SECURE_RANDOM.nextDouble() - 0.5);
|
||||
stat.setData(String.format("%.2f", baseRate + variation));
|
||||
}
|
||||
|
||||
@@ -366,11 +370,11 @@ public class StaticsqueryServiceImpl extends ServiceImpl<StaticsMapper, Statics>
|
||||
if (granularity.equals("quarter")) baseValue = 300;
|
||||
if (granularity.equals("year")) baseValue = 1200;
|
||||
|
||||
int variation = (int)(baseValue * 0.2 * (Math.random() - 0.5));
|
||||
int variation = (int) (baseValue * 0.2 * (SECURE_RANDOM.nextDouble() - 0.5));
|
||||
stat.setData(String.valueOf(baseValue + variation));
|
||||
} else {
|
||||
double baseRate = 0.05;
|
||||
double variation = 0.01 * (Math.random() - 0.5);
|
||||
double variation = 0.01 * (SECURE_RANDOM.nextDouble() - 0.5);
|
||||
stat.setData(String.format("%.2f", baseRate + variation));
|
||||
}
|
||||
|
||||
@@ -441,11 +445,11 @@ public class StaticsqueryServiceImpl extends ServiceImpl<StaticsMapper, Statics>
|
||||
if (granularity.equals("quarter")) baseValue = 300;
|
||||
if (granularity.equals("year")) baseValue = 1200;
|
||||
|
||||
int variation = (int)(baseValue * 0.2 * (Math.random() - 0.5));
|
||||
int variation = (int) (baseValue * 0.2 * (SECURE_RANDOM.nextDouble() - 0.5));
|
||||
stat.setData(String.valueOf(baseValue + variation));
|
||||
} else {
|
||||
double baseRate = 0.05;
|
||||
double variation = 0.01 * (Math.random() - 0.5);
|
||||
double variation = 0.01 * (SECURE_RANDOM.nextDouble() - 0.5);
|
||||
stat.setData(String.format("%.2f", baseRate + variation));
|
||||
}
|
||||
|
||||
@@ -525,11 +529,11 @@ public class StaticsqueryServiceImpl extends ServiceImpl<StaticsMapper, Statics>
|
||||
if (granularity.equals("quarter")) baseValue = 300;
|
||||
if (granularity.equals("year")) baseValue = 1200;
|
||||
|
||||
int variation = (int)(baseValue * 0.2 * (Math.random() - 0.5));
|
||||
int variation = (int) (baseValue * 0.2 * (SECURE_RANDOM.nextDouble() - 0.5));
|
||||
stat.setData(String.valueOf(baseValue + variation));
|
||||
} else {
|
||||
double baseRate = 0.05;
|
||||
double variation = 0.01 * (Math.random() - 0.5);
|
||||
double variation = 0.01 * (SECURE_RANDOM.nextDouble() - 0.5);
|
||||
stat.setData(String.format("%.2f", baseRate + variation));
|
||||
}
|
||||
|
||||
|
||||
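Review bot: `SECURE_RANDOM` is used here only to jitter placeholder statistics (`baseValue * 0.2 * (... - 0.5)` and `0.01 * (... - 0.5)`), which is not a security-sensitive use. The swap from `Math.random()` looks like a response to a scanner finding rather than a fix for an exploitable weakness. That is harmless, but a comment on the field would tell the next reader, e.g. `// Not security-sensitive: perturbs generated placeholder figures only`. The same pair of statements is repeated in all six hunks of this file, so a private helper taking `baseValue` and returning the string for `stat.setData(...)` would remove the duplication. It is also worth confirming that these randomly generated figures are meant to reach callers of this service, since the enclosing branches begin outside the hunks.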