Commit 453584fe authored by litengwei's avatar litengwei

SQL Injection: MyBatis Mapper(SQL注入:MyBatis Mapper)

parent c2a90a0a
......@@ -292,7 +292,7 @@ select * from (
group by cd.instance_id
) result
<if test="groupByName != null and groupByName!='' ">
group by #{groupByName}
group by ${groupByName}
</if>
</select>
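Review bot: `group by ${groupByName}` splices the parameter into the statement verbatim, and the surrounding `<if>` only checks that it is non-empty, so any validation of the column name has to happen in the Java caller before the mapper is reached. A bind is not an option here (`GROUP BY ?` would group by a constant), so the value should be matched against a fixed allow-list of groupable column names, and the mapper should record that contract: `<!-- groupByName is spliced as an identifier; caller must allow-list it against known column names -->`. The enclosing select starts outside the hunk.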
......
......@@ -107,16 +107,16 @@
<foreach collection="params" index="key" item="value" separator="">
<choose>
<when test="fieldCodes[key] == 'like' and value !=null and value !=''">
and d.#{key} like concat('%',#{value},'%')
and d.${key} like concat('%',#{value},'%')
</when>
<when test="fieldCodes[key] == 'eq' and value !=null and value !=''">
and d.#{key} = #{value}
and d.${key} = #{value}
</when>
<when test="fieldCodes[key] == 'ge' and value !=null and value !=''">
and d.#{key} >= #{value}
and d.${key} >= #{value}
</when>
<when test="fieldCodes[key] == 'le' and value !=null and value !=''">
and d.#{key} <![CDATA[<=]]> #{value}
and d.${key} <![CDATA[<=]]> #{value}
</when>
</choose>
</foreach>
......@@ -157,10 +157,10 @@
<foreach collection="params" index="key" item="value" separator="">
<choose>
<when test="fieldCodes[key] == 'like' and value !=null and value !=''">
and d.#{key} like concat('%',#{value},'%')
and d.${key} like concat('%',#{value},'%')
</when>
<when test="fieldCodes[key] == 'eq' and value !=null and value !=''">
and d.#{key} = #{value}
and d.${key} = #{value}
</when>
</choose>
</foreach>
......@@ -211,10 +211,10 @@
<foreach collection="params" index="key" item="value" separator="">
<choose>
<when test="fieldCodes[key] == 'like' and value !=null and value !=''">
and d.#{key} like concat('%',#{value},'%')
and d.${key} like concat('%',#{value},'%')
</when>
<when test="fieldCodes[key] == 'eq' and value !=null and value !=''">
and d.#{key} = #{value}
and d.${key} = #{value}
</when>
</choose>
</foreach>
......@@ -335,7 +335,7 @@
<foreach collection="fieldCodes" item="value" index="key" >
,MAX(CASE WHEN i.FIELD_CODE = #{key} THEN i.FIELD_VALUE END) as #{key},
IF(FIND_IN_SET(i.field_type,'radio,select,treeSelect'), MAX(CASE WHEN i.FIELD_CODE = #{key} THEN
i.FIELD_VALUE_LABEL END), null) as #{key}Label
i.FIELD_VALUE_LABEL END), null) as ${key}Label
</foreach>
from
cb_dynamic_form_instance i
......@@ -361,16 +361,16 @@
<foreach collection="params" index="key" item="value" separator="">
<choose>
<when test="fieldCodes[key] == 'like' and value !=null and value !=''">
and d.#{key} like concat('%',#{value},'%')
and d.${key} like concat('%',#{value},'%')
</when>
<when test="fieldCodes[key] == 'eq' and value !=null and value !=''">
and d.#{key} = #{value}
and d.${key} = #{value}
</when>
<when test="fieldCodes[key] == 'ge' and value !=null and value !=''">
and d.#{key} >= #{value}
and d.${key} >= #{value}
</when>
<when test="fieldCodes[key] == 'le' and value !=null and value !=''">
and d.#{key} <![CDATA[<=]]> #{value}
and d.${key} <![CDATA[<=]]> #{value}
</when>
</choose>
</foreach>
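Review bot: In the hunk at line 335 the alias on the FIELD_VALUE column is still `as #{key}` while the label alias three lines below was switched to `as ${key}Label`; a `#{}` in alias position is emitted as a `?` bind marker, which presumably fails at statement preparation, so that line should read `,MAX(CASE WHEN i.FIELD_CODE = #{key} THEN i.FIELD_VALUE END) as ${key},`. The same `${key}` splice drives `d.${key}` in the four params loops, so every column name reaching this mapper must come from a server-side allow-list (at minimum matching `^[A-Za-z_][A-Za-z0-9_]*$` in the Java caller); the `fieldCodes[key] == 'like'` test only proves the key exists in fieldCodes, which is a real allow-list only if fieldCodes is populated from the form definition rather than from the request. I would record that in the mapper: `<!-- ${key} is spliced into SQL as an identifier; caller must allow-list it against the form's field codes -->`. The enclosing select statements begin and end outside these hunks.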
......
......@@ -110,7 +110,7 @@
<foreach collection="map.fieldsValue.keys" item="item">
<if test="item != 'bizOrgName'">
AND a.#{item} = #{map.fieldsValue[#{item}]}
AND a.${item} = #{map.fieldsValue[#{item}]}
</if>
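Review bot: `#{map.fieldsValue[#{item}]}` nests one `#{}` placeholder inside another, which MyBatis does not appear to support — the token parser stops at the first `}` and the inner `#{item` is read as part of the property expression; since `item` is the foreach variable in scope, the line should be `AND a.${item} = #{map.fieldsValue[item]}`. Separately, `item` is every key of `map.fieldsValue` except `bizOrgName` and is spliced into SQL as a column name; excluding a single key is a deny-list, so unless the keys of `fieldsValue` are fixed server-side the caller should validate each key against the known column set before the query runs. The enclosing foreach and select continue outside the hunk.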
......
......@@ -28,10 +28,10 @@
<foreach collection="params" index="key" item="value" separator="">
<choose>
<when test="fieldNames[key] == 'like' and value !=null and value !=''">
and d.#{key} like concat('%',#{value},'%')
and d.${key} like concat('%',#{value},'%')
</when>
<when test="fieldNames[key] == 'eq' and value !=null and value !=''">
and d.#{key} = #{value}
and d.${key} = #{value}
</when>
</choose>
</foreach>
......@@ -80,10 +80,10 @@
<foreach collection="params" index="key" item="value" separator="">
<choose>
<when test="fieldNames[key] == 'like' and value !=null and value !=''">
AND d.#{key} like concat('%',#{value},'%')
AND d.${key} like concat('%',#{value},'%')
</when>
<when test="fieldNames[key] == 'eq' and value !=null and value !=''">
AND d.#{key} = #{value}
AND d.${key} = #{value}
</when>
</choose>
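Review bot: `d.${key}` in both params loops splices the map key into SQL as a column name, and the `fieldNames[key] == 'like'` / `'eq'` tests only establish that `fieldNames` has an entry for that key, not that the key names a real column; if `fieldNames` is built from the request, the test is satisfiable with an arbitrary key. The Java caller should reject any key not in a server-side allow-list of column names (an identifier regex such as `^[A-Za-z_][A-Za-z0-9_]*$` blocks SQL syntax but still lets a caller pick any column, so it is a second line of defence, not a substitute), and I would note the contract in the mapper: `<!-- ${key} is an identifier splice; keys must be allow-listed by the caller -->`. The enclosing select and foreach start outside the hunks.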
......
......@@ -28,10 +28,10 @@
<foreach collection="params" index="key" item="value" separator="">
<choose>
<when test="fieldNames[key] == 'like' and value !=null and value !=''">
and d.#{key} like concat('%',#{value},'%')
and d.${key} like concat('%',#{value},'%')
</when>
<when test="fieldNames[key] == 'eq' and value !=null and value !=''">
and d.#{key} = #{value}
and d.${key} = #{value}
</when>
</choose>
</foreach>
......@@ -80,10 +80,10 @@
<foreach collection="params" index="key" item="value" separator="">
<choose>
<when test="fieldNames[key] == 'like' and value !=null and value !=''">
AND d.#{key} like concat('%',#{value},'%')
AND d.${key} like concat('%',#{value},'%')
</when>
<when test="fieldNames[key] == 'eq' and value !=null and value !=''">
AND d.#{key} = #{value}
AND d.${key} = #{value}
</when>
</choose>
......
......@@ -343,7 +343,7 @@
<select id="tagChartStatistics" resultType="java.util.Map"
parameterType="java.util.Map">
SELECT
COUNT(1) AS datas,#{splitSQL} AS level
COUNT(1) AS datas,${splitSQL} AS level
FROM
knowledge_doc_content kdc
LEFT JOIN knowledge_tag_instance kti ON kti.TARGET_SEQ = kdc.SEQUENCE_NBR
......@@ -384,7 +384,7 @@
<select id="tagTimeChartStatistics" resultType="java.util.Map"
parameterType="java.util.Map">
SELECT
COUNT(1) AS datas ,#{splitSQL} AS level
COUNT(1) AS datas ,${splitSQL} AS level
FROM
(
SELECT
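Review bot: `${splitSQL} AS level` splices a complete SQL expression from the Map parameter into the select list, and no `#{}` form can replace it, so anything the caller puts in `splitSQL` runs as SQL — this is the highest-exposure sink on the page. The only safe shape is for the Java side to map a client-supplied enum or key onto one of a fixed set of server-defined expressions and pass that constant here, never client text, and the mapper should say so: `<!-- splitSQL is raw SQL; must be chosen from a fixed server-side set, never taken from the request -->`. Both tagChartStatistics and tagTimeChartStatistics carry the same sink, and their bodies continue outside the hunks.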
......
......@@ -258,8 +258,8 @@
<if test="orgCode != null and orgCode !=''" >
And pp.org_code= #{orgCode}
</if>
AND d.create_date &gt;= '#{startDate}'
AND d.create_date &lt;= '#{endDate}'
AND d.create_date &gt;= #{startDate}
AND d.create_date &lt;= #{endDate}
<if test="planId != null and planId !=''" >
and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.plan_id = #{planId})
</if>
......@@ -532,8 +532,8 @@
LEFT JOIN p_plan_task pt on pt.id = d.task_no
LEFT JOIN p_plan pl on pt.plan_id=pl.id
WHERE
d.create_date &gt;= '#{startDate}'
AND d.create_date &lt;= '#{endDate}'
d.create_date &gt;= #{startDate}
AND d.create_date &lt;= #{endDate}
<if test="orgCode != null and orgCode !=''" >
And (pl.org_code LIKE CONCAT( #{orgCode}, '-%' ) or pl.org_code= #{orgCode} )
</if>
......@@ -812,8 +812,8 @@
<if test="orgCode != null and orgCode !=''" >
And (pt.org_code LIKE CONCAT( #{orgCode}, '-%' ) or pt.org_code= #{orgCode} )
</if>
AND d.create_date &gt;= '#{startDate}'
AND d.create_date &lt;= '#{endDate}'
AND d.create_date &gt;= #{startDate}
AND d.create_date &lt;= #{endDate}
<if test="planId != null and planId !=''" >
and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.plan_id = #{planId})
</if>
......@@ -1089,8 +1089,8 @@
<if test="orgCode != null and orgCode !=''" >
And (pp.org_code LIKE CONCAT( #{orgCode}, '-%' ) or pp.org_code= #{orgCode} )
</if>
AND d.create_date &gt;= '#{startDate}'
AND d.create_date &lt;= '#{endDate}'
AND d.create_date &gt;= #{startDate}
AND d.create_date &lt;= #{endDate}
<if test="planId != null and planId !=''" >
and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.plan_id = #{planId})
</if>
......@@ -1366,8 +1366,8 @@
<if test="orgCode != null and orgCode !=''" >
And pr.org_code= #{orgCode}
</if>
AND d.create_date &gt;= '#{startDate}'
AND d.create_date &lt;= '#{endDate}'
AND d.create_date &gt;= #{startDate}
AND d.create_date &lt;= #{endDate}
<if test="planId != null and planId !=''" >
and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.plan_id = #{planId})
</if>
......@@ -1683,8 +1683,8 @@ FROM
p_plan_task pt
WHERE
pt.user_id >0
AND pt.end_time BETWEEN '#{startTime}'
AND '#{endTime}'
AND pt.end_time BETWEEN #{startTime}
AND #{endTime}
<if test="summation == 'false'">
GROUP BY
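Review bot: After the fix, `d.create_date &gt;= #{startDate}` and `d.create_date &lt;= #{endDate}` are unconditional while the neighbouring `orgCode` and `planId` predicates are guarded with `<if test="... != null and ... != ''">`; a null startDate or endDate binds NULL, the comparison evaluates to UNKNOWN, and the statement silently returns no rows. If the caller always supplies both dates that is fine; otherwise wrap each in an `<if test="startDate != null">` like the other filters. The same applies to `pt.end_time BETWEEN #{startTime} AND #{endTime}` in the hunk at 1683, whose statement is cut off by the hunk.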
......
......@@ -96,7 +96,7 @@
<if test="catalogId!=null and catalogId!=''">and b.Catalog_Id = #{catalogId}</if>
<if test="orgCode!=null and orgCode!=''">and (a.org_Code like concat (#{orgCode},"-%")or a.org_Code= #{orgCode})</if>
<if test="pointId!=null and pointId!=''">and a.point_id = #{pointId}</if>
<if test="checkTime!=null and checkTime!=''">and TO_DAYS(a.check_time) = TO_DAYS('#{checkTime}')</if>
<if test="checkTime!=null and checkTime!=''">and TO_DAYS(a.check_time) = TO_DAYS(#{checkTime})</if>
<if test="departmentId!=null and departmentId!='-1'"> and find_in_set(#{departmentId}, a.dep_id) > 0</if>
<if test="checkType == '计划检查'">and a.plan_task_id &gt; 0</if>
<if test="checkType == '无计划检查'">and a.plan_task_id &lt;= 0</if>
......@@ -150,7 +150,7 @@
<if test="catalogId!=null and catalogId!=''">and b.Catalog_Id = #{catalogId}</if>
<if test="orgCode!=null and orgCode!=''">and (a.org_Code like concat (#{orgCode},"-%")or a.org_Code= #{orgCode})</if>
<if test="pointId!=null and pointId!=''">and a.point_id = #{pointId}</if>
<if test="checkTime!=null and checkTime!=''">and TO_DAYS(a.check_time) = TO_DAYS('#{checkTime}')</if>
<if test="checkTime!=null and checkTime!=''">and TO_DAYS(a.check_time) = TO_DAYS(#{checkTime})</if>
<if test="departmentId!=null and departmentId!='-1'"> and find_in_set(#{departmentId}, a.dep_id) > 0</if>
<if test="checkType == '计划检查'">and a.plan_task_id &gt; 0</if>
<if test="checkType == '无计划检查'">and a.plan_task_id &lt;= 0</if>
......@@ -236,7 +236,7 @@
<if test="catalogId!=null">and b.Catalog_Id = #{catalogId}</if>
<if test="orgCode!=null">and (a.org_Code like concat (#{orgCode},"-%")or a.org_Code= #{orgCode})</if>
<if test="pointId!=null">and a.point_id = #{pointId}</if>
<if test="checkTime!=null">and TO_DAYS(a.check_time) = TO_DAYS('#{checkTime}')</if>
<if test="checkTime!=null">and TO_DAYS(a.check_time) = TO_DAYS(#{checkTime})</if>
<if test="departmentId!=null and departmentId!='-1'"> and find_in_set(#{departmentId}, a.dep_id) > 0</if>
<if test="checkType == '计划检查'">and a.plan_task_id &gt; 0</if>
<if test="checkType == '无计划检查'">and a.plan_task_id &lt;= 0</if>
......@@ -404,7 +404,7 @@
<if test="catalogId!=null and catalogId!=''">and b.Catalog_Id = #{catalogId}</if>
<if test="orgCode!=null and orgCode!=''">and (a.org_Code like concat (#{orgCode},"-%")or a.org_Code= #{orgCode})</if>
<if test="pointId!=null and pointId!=''">and a.point_id = #{pointId}</if>
<if test="checkTime!=null and checkTime!=''">and TO_DAYS(a.check_time) = TO_DAYS('#{checkTime}')</if>
<if test="checkTime!=null and checkTime!=''">and TO_DAYS(a.check_time) = TO_DAYS(#{checkTime})</if>
<if test="departmentId!=null and departmentId!='-1'"> and find_in_set(#{departmentId}, a.dep_id) > 0</if>
<if test="checkType == '计划检查'">and a.plan_task_id &gt; 0</if>
<if test="checkType == '无计划检查'">and a.plan_task_id &lt;= 0</if>
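Review bot: The hunk at line 236 guards with `<if test="checkTime!=null">` while the other three occurrences use `checkTime!=null and checkTime!=''`; an empty string would reach `TO_DAYS('')`, which in MySQL yields NULL and therefore an empty result rather than "no filter", so the test should be aligned to `<if test="checkTime!=null and checkTime!=''">`. Also, `TO_DAYS(a.check_time) = TO_DAYS(#{checkTime})` wraps the column in a function and cannot use an index on check_time; for a date-valued checkTime the half-open range `a.check_time &gt;= DATE(#{checkTime}) and a.check_time &lt; DATE(#{checkTime}) + INTERVAL 1 DAY` is equivalent and index-friendly. The enclosing where clauses continue outside the hunks.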
......