From cc4c52c998f5ffd6adc63d62d870ce76ffa9ae61 Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期一, 01 十一月 2021 15:03:06 +0800
Subject: [PATCH] 任务屏蔽违规字符

---
 ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java |   21 ++++++++++++++++++---
 1 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java
index 4d37ee9..2f3ddab 100644
--- a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java
+++ b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java
@@ -19,7 +19,6 @@
 import com.ruoyi.common.core.page.TableDataInfo;
 import com.ruoyi.common.enums.BusinessType;
 import com.ruoyi.common.exception.job.TaskException;
-import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.common.utils.poi.ExcelUtil;
 import com.ruoyi.quartz.domain.SysJob;
@@ -89,11 +88,19 @@
         {
             return error("新增任务'" + job.getJobName() + "'失败，目标字符串不允许'rmi://'调用");
         }
+        else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_LDAP))
+        {
+            return error("新增任务'" + job.getJobName() + "'失败，目标字符串不允许'ldap://'调用");
+        }
         else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS }))
         {
             return error("新增任务'" + job.getJobName() + "'失败，目标字符串不允许'http(s)//'调用");
         }
-        job.setCreateBy(SecurityUtils.getUsername());
+        else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), Constants.JOB_ERROR_STR))
+        {
+            return error("新增任务'" + job.getJobName() + "'失败，目标字符串存在违规");
+        }
+        job.setCreateBy(getUsername());
         return toAjax(jobService.insertJob(job));
     }
 
@@ -113,11 +120,19 @@
         {
             return error("修改任务'" + job.getJobName() + "'失败，目标字符串不允许'rmi://'调用");
         }
+        else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_LDAP))
+        {
+            return error("修改任务'" + job.getJobName() + "'失败，目标字符串不允许'ldap://'调用");
+        }
         else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS }))
         {
             return error("修改任务'" + job.getJobName() + "'失败，目标字符串不允许'http(s)//'调用");
         }
-        job.setUpdateBy(SecurityUtils.getUsername());
+        else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), Constants.JOB_ERROR_STR))
+        {
+            return error("修改任务'" + job.getJobName() + "'失败，目标字符串存在违规");
+        }
+        job.setUpdateBy(getUsername());
         return toAjax(jobService.updateJob(job));
     }
 

--
Gitblit v1.9.2