From d365a52cd6feaf4d118fafaa55104bf299d78bcb Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 15 十二月 2021 10:50:10 +0800
Subject: [PATCH] 自定义xss校验注解实现
---
ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java | 87 +++++++++++++++++++++----------------------
1 files changed, 42 insertions(+), 45 deletions(-)
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java
index fa95291..93a19e8 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java
@@ -268,22 +268,15 @@
}
}
// 有数据时才处理 得到类的所有field.
- Field[] allFields = clazz.getDeclaredFields();
- // 定义一个map用于存放列的序号和field.
- Map<Integer, Field> fieldsMap = new HashMap<Integer, Field>();
- for (int col = 0; col < allFields.length; col++)
+ List<Object[]> fields = this.getFields();
+ Map<Integer, Object[]> fieldsMap = new HashMap<Integer, Object[]>();
+ for (Object[] objects : fields)
{
- Field field = allFields[col];
- Excel attr = field.getAnnotation(Excel.class);
- if (attr != null && (attr.type() == Type.ALL || attr.type() == type))
+ Excel attr = (Excel) objects[1];
+ Integer column = cellMap.get(attr.name());
+ if (column != null)
{
- // 设置类的私有字段属性可访问.
- field.setAccessible(true);
- Integer column = cellMap.get(attr.name());
- if (column != null)
- {
- fieldsMap.put(column, field);
- }
+ fieldsMap.put(column, objects);
}
}
for (int i = titleNum + 1; i <= rows; i++)
@@ -296,14 +289,15 @@
continue;
}
T entity = null;
- for (Map.Entry<Integer, Field> entry : fieldsMap.entrySet())
+ for (Map.Entry<Integer, Object[]> entry : fieldsMap.entrySet())
{
Object val = this.getCellValue(row, entry.getKey());
// 如果不存在实例则新建.
entity = (entity == null ? clazz.newInstance() : entity);
// 从map中得到对应列的field.
- Field field = fieldsMap.get(entry.getKey());
+ Field field = (Field) entry.getValue()[0];
+ Excel attr = (Excel) entry.getValue()[1];
// 取得类型,并根据对象类型设置值.
Class<?> fieldType = field.getType();
if (String.class == fieldType)
@@ -363,7 +357,6 @@
}
if (StringUtils.isNotNull(fieldType))
{
- Excel attr = field.getAnnotation(Excel.class);
String propertyName = field.getName();
if (StringUtils.isNotEmpty(attr.targetAttr()))
{
@@ -438,7 +431,7 @@
* @return 结果
* @throws IOException
*/
- public void exportExcel(HttpServletResponse response, List<T> list, String sheetName)throws IOException
+ public void exportExcel(HttpServletResponse response, List<T> list, String sheetName)
{
exportExcel(response, list, sheetName, StringUtils.EMPTY);
}
@@ -453,12 +446,12 @@
* @return 结果
* @throws IOException
*/
- public void exportExcel(HttpServletResponse response, List<T> list, String sheetName, String title) throws IOException
+ public void exportExcel(HttpServletResponse response, List<T> list, String sheetName, String title)
{
response.setContentType("application/vnd.openxmlformats-officedocument.spreadsheetml.sheet");
response.setCharacterEncoding("utf-8");
this.init(list, sheetName, title, Type.EXPORT);
- exportExcel(response.getOutputStream());
+ exportExcel(response);
}
/**
@@ -491,7 +484,7 @@
* @param sheetName 工作表的名称
* @return 结果
*/
- public void importTemplateExcel(HttpServletResponse response, String sheetName) throws IOException
+ public void importTemplateExcel(HttpServletResponse response, String sheetName)
{
importTemplateExcel(response, sheetName, StringUtils.EMPTY);
}
@@ -503,12 +496,12 @@
* @param title 标题
* @return 结果
*/
- public void importTemplateExcel(HttpServletResponse response, String sheetName, String title) throws IOException
+ public void importTemplateExcel(HttpServletResponse response, String sheetName, String title)
{
response.setContentType("application/vnd.openxmlformats-officedocument.spreadsheetml.sheet");
response.setCharacterEncoding("utf-8");
this.init(null, sheetName, title, Type.IMPORT);
- exportExcel(response.getOutputStream());
+ exportExcel(response);
}
/**
@@ -516,12 +509,12 @@
*
* @return 结果
*/
- public void exportExcel(OutputStream out)
+ public void exportExcel(HttpServletResponse response)
{
try
{
writeSheet();
- wb.write(out);
+ wb.write(response.getOutputStream());
}
catch (Exception e)
{
@@ -530,7 +523,6 @@
finally
{
IOUtils.closeQuietly(wb);
- IOUtils.closeQuietly(out);
}
}
@@ -610,8 +602,6 @@
{
Field field = (Field) os[0];
Excel excel = (Excel) os[1];
- // 设置实体类私有属性可访问
- field.setAccessible(true);
this.addCell(excel, row, vo, field, column++);
}
}
@@ -1164,7 +1154,17 @@
*/
private void createExcelField()
{
- this.fields = new ArrayList<Object[]>();
+ this.fields = getFields();
+ this.fields = this.fields.stream().sorted(Comparator.comparing(objects -> ((Excel) objects[1]).sort())).collect(Collectors.toList());
+ this.maxHeight = getRowHeight();
+ }
+
+ /**
+ * 获取字段注解信息
+ */
+ public List<Object[]> getFields()
+ {
+ List<Object[]> fields = new ArrayList<Object[]>();
List<Field> tempFields = new ArrayList<>();
tempFields.addAll(Arrays.asList(clazz.getSuperclass().getDeclaredFields()));
tempFields.addAll(Arrays.asList(clazz.getDeclaredFields()));
@@ -1173,7 +1173,12 @@
// 单注解
if (field.isAnnotationPresent(Excel.class))
{
- putToField(field, field.getAnnotation(Excel.class));
+ Excel attr = field.getAnnotation(Excel.class);
+ if (attr != null && (attr.type() == Type.ALL || attr.type() == type))
+ {
+ field.setAccessible(true);
+ fields.add(new Object[] { field, attr });
+ }
}
// 多注解
@@ -1181,14 +1186,17 @@
{
Excels attrs = field.getAnnotation(Excels.class);
Excel[] excels = attrs.value();
- for (Excel excel : excels)
+ for (Excel attr : excels)
{
- putToField(field, excel);
+ if (attr != null && (attr.type() == Type.ALL || attr.type() == type))
+ {
+ field.setAccessible(true);
+ fields.add(new Object[] { field, attr });
+ }
}
}
}
- this.fields = this.fields.stream().sorted(Comparator.comparing(objects -> ((Excel) objects[1]).sort())).collect(Collectors.toList());
- this.maxHeight = getRowHeight();
+ return fields;
}
/**
@@ -1203,17 +1211,6 @@
maxHeight = maxHeight > excel.height() ? maxHeight : excel.height();
}
return (short) (maxHeight * 20);
- }
-
- /**
- * 放到字段集合中
- */
- private void putToField(Field field, Excel attr)
- {
- if (attr != null && (attr.type() == Type.ALL || attr.type() == type))
- {
- this.fields.add(new Object[] { field, attr });
- }
}
/**
--
Gitblit v1.9.2