purovps/jshERP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

优化用户查询的接口

Browse Source
This commit is contained in:
jishenghua
2025-08-14 23:03:55 +08:00
parent 90c411a5fd
commit fbda24da30
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
jshERP-boot/src/main/java/com/jsh/erp/filter/LogCostFilter.java
View File

@@ -38,7 +38,7 @@ public class LogCostFilter implements Filter {
HttpServletRequest servletRequest = (HttpServletRequest) request; HttpServletRequest servletRequest = (HttpServletRequest) request;
HttpServletResponse servletResponse = (HttpServletResponse) response; HttpServletResponse servletResponse = (HttpServletResponse) response;
String requestUrl = servletRequest.getRequestURI(); String requestUrl = servletRequest.getRequestURI();
if(requestUrl.contains("../") || requestUrl.contains("..;/") || requestUrl.contains("%2e")) { if(requestUrl.contains("../") || requestUrl.contains("..;/") || requestUrl.contains("%2e") || requestUrl.contains("%2E")) {
servletResponse.setStatus(500); servletResponse.setStatus(500);
servletResponse.getWriter().write("loginOut"); servletResponse.getWriter().write("loginOut");
return; return;

7
jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java
View File

@@ -65,7 +65,12 @@ public class UserService {
public User getUser(long id)throws Exception { public User getUser(long id)throws Exception {
User result=null; User result=null;
try{ try{
result=userMapper.selectByPrimaryKey(id); //先校验是否登录,然后才能查询用户数据
HttpServletRequest request = ((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes())).getRequest();
Long userId = this.getUserId(request);
if(userId!=null) {
result = userMapper.selectByPrimaryKey(id);
}
}catch(Exception e){ }catch(Exception e){
JshException.readFail(logger, e); JshException.readFail(logger, e);
} }