From 19b868875992821a28f408cbbd2a31fa47f91072 Mon Sep 17 00:00:00 2001
From: Live <1005297262@qq.com>
Date: 星期二, 09 六月 2020 11:36:10 +0800
Subject: [PATCH] IpUtils工具，清除Xss特殊字符，防止Xff注入攻击

---
 ruoyi/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/ruoyi/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java b/ruoyi/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
index 634f0ed..e28e968 100644
--- a/ruoyi/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
+++ b/ruoyi/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
@@ -52,6 +52,11 @@
      */
     public static final String DATA_SCOPE_SELF = "5";
 
+    /**
+     * 数据权限过滤关键字
+     */
+    public static final String DATA_SCOPE = "dataScope";
+
     // 配置织入点
     @Pointcut("@annotation(com.ruoyi.framework.aspectj.lang.annotation.DataScope)")
     public void dataScopePointCut()
@@ -138,7 +143,7 @@
         if (StringUtils.isNotBlank(sqlString.toString()))
         {
             BaseEntity baseEntity = (BaseEntity) joinPoint.getArgs()[0];
-            baseEntity.setDataScope(" AND (" + sqlString.substring(4) + ")");
+            baseEntity.getParams().put(DATA_SCOPE, " AND (" + sqlString.substring(4) + ")");
         }
     }
 

--
Gitblit v1.9.2