purovps/jshERP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

为排序字段添加白名单验证

Browse Source
This commit is contained in:
jishenghua
2026-01-30 11:52:37 +08:00
parent 1065be3c47
commit 9990a3c4f3
2 changed files with 18 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
jshERP-boot/src/main/resources/mapper_xml/DepotHeadMapperEx.xml
View File

@@ -500,7 +500,12 @@
order by materialId desc order by materialId desc
</if> </if>
<if test="column != 'createTime'"> <if test="column != 'createTime'">
order by ${column} ${order} <if test="column == 'barCode' or column == 'numSum' or column == 'priceSum'">
order by ${column}
<if test="order == 'asc' or order == 'desc'">
${order}
</if>
</if>
</if> </if>
<if test="offset != null and rows != null"> <if test="offset != null and rows != null">
limit #{offset},#{rows} limit #{offset},#{rows}
@@ -706,7 +711,12 @@
order by oper_time desc,number desc order by oper_time desc,number desc
</if> </if>
<if test="column != 'createTime'"> <if test="column != 'createTime'">
order by ${column} ${order} <if test="column == 'barCode' or column == 'operNumber' or column == 'unitPrice' or column == 'allPrice'">
order by ${column}
<if test="order == 'asc' or order == 'desc'">
${order}
</if>
</if>
</if> </if>
<if test="offset != null and rows != null"> <if test="offset != null and rows != null">
limit #{offset},#{rows} limit #{offset},#{rows}

7
jshERP-boot/src/main/resources/mapper_xml/MaterialMapperEx.xml
View File

@@ -698,7 +698,12 @@
order by m.id desc order by m.id desc
</if> </if>
<if test="column != 'createTime'"> <if test="column != 'createTime'">
order by ${column} ${order} <if test="column == 'mBarCode' or column == 'purchaseDecimal' or column == 'currentStock' or column == 'currentStockPrice' or column == 'currentWeight'">
order by ${column}
<if test="order == 'asc' or order == 'desc'">
${order}
</if>
</if>
</if> </if>
<if test="offset != null and rows != null"> <if test="offset != null and rows != null">
limit #{offset},#{rows} limit #{offset},#{rows}