From 185b233f3e89bcdd6f30e098a78b65c75a3ac448 Mon Sep 17 00:00:00 2001
From: java110 <928255095@qq.com>
Date: 星期三, 15 九月 2021 16:09:51 +0800
Subject: [PATCH] 优化代码

---
 service-oa/src/main/java/com/java110/oa/cmd/oaWorkflow/UpdateOaWorkflowFormData.java |   11 +++++++----
 1 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/service-oa/src/main/java/com/java110/oa/cmd/oaWorkflow/UpdateOaWorkflowFormData.java b/service-oa/src/main/java/com/java110/oa/cmd/oaWorkflow/UpdateOaWorkflowFormData.java
index fdd4a9b..6c57c57 100644
--- a/service-oa/src/main/java/com/java110/oa/cmd/oaWorkflow/UpdateOaWorkflowFormData.java
+++ b/service-oa/src/main/java/com/java110/oa/cmd/oaWorkflow/UpdateOaWorkflowFormData.java
@@ -19,6 +19,7 @@
 
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -46,6 +47,9 @@
     @Override
     @Java110Transactional
     public void doCmd(CmdEvent event, ICmdDataFlowContext cmdDataFlowContext, JSONObject reqJson) throws CmdException {
+        Map<String,String> headers = cmdDataFlowContext.getReqHeaders();
+
+        reqJson.put("storeId",headers.get("store-id"));
 
         OaWorkflowFormDto oaWorkflowFormDto = new OaWorkflowFormDto();
         oaWorkflowFormDto.setFlowId(reqJson.get("flowId").toString());
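Review bot: `headers.get("store-id")` is written into `reqJson` without a null or empty check, so a request that reaches this command without the header continues with `storeId` set to null. Overwriting any client-supplied `storeId` with the header value is a sound choice, but only if the header is always set by a trusted layer, which cannot be confirmed from this hunk. I would read it into a local first, `String storeId = headers.get("store-id");`, guard it with `if (storeId == null || storeId.isEmpty())`, and fail with the `CmdException` this method already declares (its constructor arguments are not visible here). The body of `doCmd` continues outside the hunk, so how `storeId` is used afterwards (for example to scope the update to one tenant) is not visible and should be checked.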
@@ -71,12 +75,11 @@
         }
 
         List<String> columns = new ArrayList<>();
-        List<String> values = new ArrayList<>();
         for (String key : reqJson.keySet()) {
-            if ("flowId".equals(key) || "id".equals(key)) {
+            if ("flowId".equals(key) || "id".equals(key) || "storeId".equals(key)) {
                 continue;
             }
-            columns.add(key + "=" + reqJson.getString(key));
+            columns.add(key + "='" + reqJson.getString(key)+"'");
 
             //绠�鍗曟牎楠�
             validateColumns(columns);
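Review bot: The changed line `columns.add(key + "='" + reqJson.getString(key)+"'");` still builds SQL text from request data, and both the column name (`key`) and the value come straight from the JSON body. Adding quotes makes string values syntactically valid, but a value that itself contains a quote is not escaped. The only guard visible here is `validateColumns`, which presumably relies on the keyword filter changed later in this patch. Values should be passed as bound parameters, and each `key` should be checked against the column names defined for this form before it is used as an identifier. Until then I would add `// SECURITY: key and value are request-controlled; bind values and allow-list key against the form's columns` above the `columns.add` line. `validateColumns(columns)` also re-checks the whole list on every iteration and could run once after the loop, which closes outside this hunk.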
@@ -107,7 +110,7 @@
     }
 
     public static boolean containsSqlInjection(Object obj) {
-        Pattern pattern = Pattern.compile("\\b(exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare)\\b|(\\*|;|\\+|'|%)");
+        Pattern pattern = Pattern.compile("\\b(exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare)");
         Matcher matcher = pattern.matcher(obj.toString().toLowerCase());
         return matcher.find();
     }
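Review bot: The new pattern in `containsSqlInjection` drops the `(\\*|;|\\+|'|%)` alternative, so input containing a single quote or a semicolon is no longer rejected. The same commit starts wrapping request values in single quotes in `doCmd`, so the two changes together weaken the only visible protection on that string-built statement. Removing the trailing `\\b` also turns the keywords into prefix matches, so harmless values such as `updateTime` or `counter` are now flagged. A keyword deny-list is not a reliable control in either form; the lasting fix is bound parameters in the caller. Until that exists I would keep the quote and semicolon rejection and the closing `\\b`, and hoist the pattern into a `private static final Pattern` so it is compiled once.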

--
Gitblit v1.8.0