From 8007b22b8569dc8036df95adb58f6ca53c8eb04c Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期四, 27 一月 2022 12:04:40 +0800
Subject: [PATCH] 导出Excel时屏蔽公式,防止CSV注入风险
---
ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysUser.java | 30 ++++++++++++++++++++++--------
1 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysUser.java b/ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysUser.java
index f7e68e7..4aa1d2b 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysUser.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysUser.java
@@ -2,9 +2,7 @@
import java.util.Date;
import java.util.List;
-import javax.validation.constraints.Email;
-import javax.validation.constraints.NotBlank;
-import javax.validation.constraints.Size;
+import javax.validation.constraints.*;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.apache.commons.lang3.builder.ToStringStyle;
import com.fasterxml.jackson.annotation.JsonIgnore;
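Review bot: The wildcard `import javax.validation.constraints.*;` replaces three explicit imports, yet none of the hunks in this patch starts using another constraint from that package (the new `@Xss` comes from `com.ruoyi.common.xss`). Explicit imports keep it visible which validators this entity depends on and avoid a silent name clash if another imported package later gains a type with the same simple name. I would keep `import javax.validation.constraints.Email;`, `import javax.validation.constraints.NotBlank;` and `import javax.validation.constraints.Size;` as they were.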
@@ -14,6 +12,7 @@
import com.ruoyi.common.annotation.Excel.Type;
import com.ruoyi.common.annotation.Excels;
import com.ruoyi.common.core.domain.BaseEntity;
+import com.ruoyi.common.xss.Xss;
/**
* 用户对象 sys_user
@@ -68,12 +67,12 @@
/** 删除标志(0代表存在 2代表删除) */
private String delFlag;
- /** 最后登陆IP */
- @Excel(name = "最后登陆IP", type = Type.EXPORT)
+ /** 最后登录IP */
+ @Excel(name = "最后登录IP", type = Type.EXPORT)
private String loginIp;
- /** 最后登陆时间 */
- @Excel(name = "最后登陆时间", width = 30, dateFormat = "yyyy-MM-dd HH:mm:ss", type = Type.EXPORT)
+ /** 最后登录时间 */
+ @Excel(name = "最后登录时间", width = 30, dateFormat = "yyyy-MM-dd HH:mm:ss", type = Type.EXPORT)
private Date loginDate;
/** 部门对象 */
@@ -91,6 +90,9 @@
/** 岗位组 */
private Long[] postIds;
+
+ /** 角色ID */
+ private Long roleId;
public SysUser()
{
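Review bot: The new `roleId` field, together with the public `setRoleId` added in the last hunk, carries no validation constraint and no comment saying what the value is used for. If `SysUser` is bound directly from request bodies (the Jackson annotations in this file suggest it is used as a JSON payload), a client can now supply an arbitrary `roleId`, so whatever reads it must not treat it as an authorization decision without a server-side permission check. I would state the intent on the field, for example `/** Role ID used only as a query filter; never trusted when granting roles */`, with the wording adjusted to the real use, which lies outside this diff.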
@@ -132,6 +134,7 @@
this.deptId = deptId;
}
+ @Xss(message = "用户昵称不能包含脚本字符")
@Size(min = 0, max = 30, message = "用户昵称长度不能超过30个字符")
public String getNickName()
{
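Review bot: `@Xss` on `getNickName` (and on `getUserName` in the next hunk) is an input-side check for script characters, whereas the commit subject is about blocking formulas in the Excel export, and nothing in this diff touches the export path. The `Xss` constraint is defined outside the patch, so it cannot be confirmed here that it rejects values starting with `=`, `+`, `-` or `@`. A getter-level constraint also only runs where the caller triggers bean validation, which may not cover every write path. The export writer should therefore neutralize formula-leading cell values itself, whatever validation accepted on input. I would add a comment above both annotations such as `// @Xss rejects script markup on input only; formula neutralization must happen in the Excel export`.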
@@ -143,6 +146,7 @@
this.nickName = nickName;
}
+ @Xss(message = "用户账号不能包含脚本字符")
@NotBlank(message = "用户账号不能为空")
@Size(min = 0, max = 30, message = "用户账号长度不能超过30个字符")
public String getUserName()
@@ -198,7 +202,7 @@
this.avatar = avatar;
}
- @JsonIgnore
+ @JsonIgnore
@JsonProperty
public String getPassword()
{
@@ -300,6 +304,16 @@
this.postIds = postIds;
}
+ public Long getRoleId()
+ {
+ return roleId;
+ }
+
+ public void setRoleId(Long roleId)
+ {
+ this.roleId = roleId;
+ }
+
@Override
public String toString() {
return new ToStringBuilder(this,ToStringStyle.MULTI_LINE_STYLE)
--
Gitblit v1.9.2