From 4cf3786f48f0f42adc7ecf9352ddfc7df038f5bc Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期一, 01 六月 2020 10:46:30 +0800
Subject: [PATCH] 升级fastjson到最新版1.2.70 修复高危安全漏洞
---
ruoyi/src/main/java/com/ruoyi/framework/interceptor/impl/SameUrlDataInterceptor.java | 35 ++++++++++++++++++++++++-----------
1 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/ruoyi/src/main/java/com/ruoyi/framework/interceptor/impl/SameUrlDataInterceptor.java b/ruoyi/src/main/java/com/ruoyi/framework/interceptor/impl/SameUrlDataInterceptor.java
index 9d915c6..05f59ee 100644
--- a/ruoyi/src/main/java/com/ruoyi/framework/interceptor/impl/SameUrlDataInterceptor.java
+++ b/ruoyi/src/main/java/com/ruoyi/framework/interceptor/impl/SameUrlDataInterceptor.java
@@ -2,14 +2,19 @@
import java.util.HashMap;
import java.util.Map;
+import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import com.alibaba.fastjson.JSONObject;
+import com.ruoyi.common.filter.RepeatedlyRequestWrapper;
+import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.common.utils.http.HttpHelper;
import com.ruoyi.framework.interceptor.RepeatSubmitInterceptor;
+import com.ruoyi.framework.redis.RedisCache;
/**
- * 判断请求url和数据是否和上一次相同,
+ * 判断请求url和数据是否和上一次相同,
* 如果和上次相同,则是重复提交表单。 有效时间为10秒内。
*
* @author ruoyi
@@ -21,7 +26,10 @@
public final String REPEAT_TIME = "repeatTime";
- public final String SESSION_REPEAT_KEY = "repeatData";
+ public final String CACHE_REPEAT_KEY = "repeatData";
+
+ @Autowired
+ private RedisCache redisCache;
/**
* 间隔时间,单位:秒 默认10秒
@@ -39,17 +47,22 @@
@Override
public boolean isRepeatSubmit(HttpServletRequest request)
{
- // 本次参数及系统时间
- String nowParams = JSONObject.toJSONString(request.getParameterMap());
+ RepeatedlyRequestWrapper repeatedlyRequest = (RepeatedlyRequestWrapper) request;
+ String nowParams = HttpHelper.getBodyString(repeatedlyRequest);
+
+ // body参数为空,获取Parameter的数据
+ if (StringUtils.isEmpty(nowParams))
+ {
+ nowParams = JSONObject.toJSONString(request.getParameterMap());
+ }
Map<String, Object> nowDataMap = new HashMap<String, Object>();
nowDataMap.put(REPEAT_PARAMS, nowParams);
nowDataMap.put(REPEAT_TIME, System.currentTimeMillis());
- // 请求地址(作为存放session的key值)
+ // 请求地址(作为存放cache的key值)
String url = request.getRequestURI();
- HttpSession session = request.getSession();
- Object sessionObj = session.getAttribute(SESSION_REPEAT_KEY);
+ Object sessionObj = redisCache.getCacheObject(CACHE_REPEAT_KEY);
if (sessionObj != null)
{
Map<String, Object> sessionMap = (Map<String, Object>) sessionObj;
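Review bot: The unconditional cast `(RepeatedlyRequestWrapper) request` at the top of isRepeatSubmit throws ClassCastException for any request that reaches this interceptor without having been wrapped. The wrapping filter is not visible in this diff, so whether every intercepted request (multipart and form posts, for example) is wrapped needs confirming. Guarding the cast keeps the parameter-map fallback reachable: `String nowParams = request instanceof RepeatedlyRequestWrapper ? HttpHelper.getBodyString((RepeatedlyRequestWrapper) request) : "";`. The raw request body is now also written to a shared cache rather than the caller's session, so storing a digest of the body instead of the body itself would keep submitted credentials or personal data out of Redis. The method body continues outside this hunk.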
@@ -62,9 +75,9 @@
}
}
}
- Map<String, Object> sessionMap = new HashMap<String, Object>();
- sessionMap.put(url, nowDataMap);
- session.setAttribute(SESSION_REPEAT_KEY, sessionMap);
+ Map<String, Object> cacheMap = new HashMap<String, Object>();
+ cacheMap.put(url, nowDataMap);
+ redisCache.setCacheObject(CACHE_REPEAT_KEY, cacheMap, intervalTime, TimeUnit.SECONDS);
return false;
}
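Review bot: `CACHE_REPEAT_KEY` is a single constant, so moving from HttpSession to Redis makes the repeat-submit record global instead of per caller. The write `redisCache.setCacheObject(CACHE_REPEAT_KEY, cacheMap, intervalTime, TimeUnit.SECONDS)` replaces the whole entry with a map holding only the current URL, and the read `redisCache.getCacheObject(CACHE_REPEAT_KEY)` in the previous hunk compares against whatever any client last sent. As a result, two different users posting the same data to the same URL within the interval are treated as a duplicate, while any intervening request to another URL erases the record and lets a real duplicate through. Scoping the key to the caller and the URL avoids both, for example `String cacheKey = CACHE_REPEAT_KEY + ":" + callerId + ":" + url;`, where `callerId` is a placeholder for whatever stable identifier the project has (session id or auth token). The leftover names `sessionObj` and `sessionMap` in the previous hunk no longer match what they hold.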
--
Gitblit v1.9.2