From cc4c52c998f5ffd6adc63d62d870ce76ffa9ae61 Mon Sep 17 00:00:00 2001 From: RuoYi <yzz_ivy@163.com> Date: 星期一, 01 十一月 2021 15:03:06 +0800 Subject: [PATCH] 任务屏蔽违规字符 --- ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java | 21 ++++++++++++++++++--- 1 files changed, 18 insertions(+), 3 deletions(-) diff --git a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java index 4d37ee9..2f3ddab 100644 --- a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java +++ b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java @@ -19,7 +19,6 @@ import com.ruoyi.common.core.page.TableDataInfo; import com.ruoyi.common.enums.BusinessType; import com.ruoyi.common.exception.job.TaskException; -import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.poi.ExcelUtil; import com.ruoyi.quartz.domain.SysJob; @@ -89,11 +88,19 @@ { return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'rmi://'调用"); } + else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_LDAP)) + { + return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'ldap://'调用"); + } else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS })) { return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'http(s)//'调用"); } - job.setCreateBy(SecurityUtils.getUsername()); + else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), Constants.JOB_ERROR_STR)) + { + return error("新增任务'" + job.getJobName() + "'失败,目标字符串存在违规"); + } + job.setCreateBy(getUsername()); return toAjax(jobService.insertJob(job)); } @@ -113,11 +120,19 @@ { return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'rmi://'调用"); } + else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_LDAP)) + { + return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'ldap://'调用"); + } else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS })) { return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'http(s)//'调用"); } - job.setUpdateBy(SecurityUtils.getUsername()); + else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), Constants.JOB_ERROR_STR)) + { + return error("修改任务'" + job.getJobName() + "'失败,目标字符串存在违规"); + } + job.setUpdateBy(getUsername()); return toAjax(jobService.updateJob(job)); } -- Gitblit v1.9.2