From 6bb166b89f7dbdf441e51114d3166ab95371220b Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期二, 17 十一月 2020 10:29:52 +0800
Subject: [PATCH] 阻止任意文件下载漏洞
---
ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java
index 4e93c6c..6d57f22 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java
@@ -243,19 +243,19 @@
val = Convert.toStr(val);
}
}
- else if ((Integer.TYPE == fieldType) || (Integer.class == fieldType))
+ else if ((Integer.TYPE == fieldType || Integer.class == fieldType) && StringUtils.isNumeric(Convert.toStr(val)))
{
val = Convert.toInt(val);
}
- else if ((Long.TYPE == fieldType) || (Long.class == fieldType))
+ else if (Long.TYPE == fieldType || Long.class == fieldType)
{
val = Convert.toLong(val);
}
- else if ((Double.TYPE == fieldType) || (Double.class == fieldType))
+ else if (Double.TYPE == fieldType || Double.class == fieldType)
{
val = Convert.toDouble(val);
}
- else if ((Float.TYPE == fieldType) || (Float.class == fieldType))
+ else if (Float.TYPE == fieldType || Float.class == fieldType)
{
val = Convert.toFloat(val);
}
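Review bot: In the Integer branch the new `StringUtils.isNumeric(Convert.toStr(val))` test is part of the `else if` condition, so a value that fails it skips conversion and falls through the rest of the chain, leaving `val` as unconverted text for an Integer field. If `isNumeric` is the commons-lang digits-only check, that includes ordinary imported values such as `-5` or `12.0`, and the Long, Double and Float branches below get no equivalent guard. Since this path appears to handle cells read from an imported spreadsheet, I would keep `else if (Integer.TYPE == fieldType || Integer.class == fieldType)` as the condition and do the check inside the branch, rejecting the row with an error that names the column rather than passing the raw string on. The enclosing method starts and ends outside the hunk, so what happens to the unconverted `val` afterwards is not visible here. Separately, the subject announces a fix for arbitrary file download, but the lines shown only change numeric conversion in ExcelUtil, so the message should describe this change.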
@@ -503,7 +503,7 @@
else if (ColumnType.NUMERIC == attr.cellType())
{
cell.setCellType(CellType.NUMERIC);
- cell.setCellValue(Integer.parseInt(value + ""));
+ cell.setCellValue(StringUtils.contains(Convert.toStr(value), ".") ? Convert.toDouble(value) : Convert.toInt(value));
}
}
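Review bot: The ternary passed to `cell.setCellValue(...)` mixes `Convert.toDouble(value)` and `Convert.toInt(value)`, which Java promotes to a primitive double, so if either helper returns a boxed null for a null, out-of-range or non-numeric `value` (Convert is not shown here), the unboxing throws a NullPointerException during export. The `.`-based split also gains nothing, since the result is a double either way, and it sends inputs like `1E5` down the integer path. I would convert once and guard the result: `Double num = Convert.toDouble(value);` followed by `if (num != null) { cell.setCellValue(num); }`. The enclosing method lies outside the hunk.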
--
Gitblit v1.9.2