From fbda24da30997df1f642a1878272d7278ccd94ce Mon Sep 17 00:00:00 2001
From: jishenghua <752718920@qq.com>
Date: Thu, 14 Aug 2025 23:03:55 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E7=94=A8=E6=88=B7=E6=9F=A5?= =?UTF-8?q?=E8=AF=A2=E7=9A=84=E6=8E=A5=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../src/main/java/com/jsh/erp/filter/LogCostFilter.java | 2 +-
 .../src/main/java/com/jsh/erp/service/UserService.java | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/jshERP-boot/src/main/java/com/jsh/erp/filter/LogCostFilter.java b/jshERP-boot/src/main/java/com/jsh/erp/filter/LogCostFilter.java
index 2e380882..a43d870c 100644
--- a/jshERP-boot/src/main/java/com/jsh/erp/filter/LogCostFilter.java
+++ b/jshERP-boot/src/main/java/com/jsh/erp/filter/LogCostFilter.java
@@ -38,7 +38,7 @@ public class LogCostFilter implements Filter {
 HttpServletRequest servletRequest = (HttpServletRequest) request;
 HttpServletResponse servletResponse = (HttpServletResponse) response;
 String requestUrl = servletRequest.getRequestURI();
- if(requestUrl.contains("../") || requestUrl.contains("..;/") || requestUrl.contains("%2e")) {
+ if(requestUrl.contains("../") || requestUrl.contains("..;/") || requestUrl.contains("%2e") || requestUrl.contains("%2E")) {
 servletResponse.setStatus(500);
 servletResponse.getWriter().write("loginOut");
 return;
diff --git a/jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java b/jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java
index 26720855..26f98e90 100644
--- a/jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java
+++ b/jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java
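Review bot: In LogCostFilter.java the traversal guard is still a substring denylist over the raw `getRequestURI()` value, so it blocks only the spellings that have been listed; adding `%2E` beside `%2e` in this commit is an instance of that. `doFilter` starts and ends outside this hunk, and if its later lines decide which paths skip the login check (not visible here), rejecting on a canonical form is safer: decode the path once and refuse it when the result still contains a `..` segment, a `;` path parameter or a `%`. Until then, record the limit next to the condition, e.g. `// denylist on the raw URI; non-canonical or re-encoded paths are not covered here`. Unless the front end depends on the 500, `servletResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);` would also keep rejected requests out of the server-error metrics.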
@@ -65,7 +65,12 @@ public class UserService {
 public User getUser(long id)throws Exception {
 User result=null;
 try{
- result=userMapper.selectByPrimaryKey(id);
+ //先校验是否登录,然后才能查询用户数据
+ HttpServletRequest request = ((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes())).getRequest();
+ Long userId = this.getUserId(request);
+ if(userId!=null) {
+ result = userMapper.selectByPrimaryKey(id);
+ }
 }catch(Exception e){
 JshException.readFail(logger, e);
 }
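Review bot: The new guard in `getUser` only establishes that some user is logged in (`userId!=null`); it does not check that the caller may read the record for the requested `id`, so any authenticated session can still fetch any user row through this method. If that is not intended, tie the lookup to the caller, for example `if (userId != null && userId.longValue() == id)`, with an explicit role or tenant check for the screens that legitimately manage other users. Two side effects deserve a comment in the code: outside a request thread `RequestContextHolder.getRequestAttributes()` returns null, so `Objects.requireNonNull` throws and the call ends in the `catch` as a read failure, and a caller without a session now silently receives `null`. The end of the method lies outside the hunk, so how `result` is returned and whether callers handle `null` cannot be confirmed from here.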