Merge branch 'develop_dl_bugfix' of http://36.40.66.175:5000/moa/amos-boot-biz…

amos-boot-biz-common/src/main/java/com/yeejoin/amos/boot/biz/common/utils/WordConverterUtils.java

@@ -8,6 +8,7 @@ import org.apache.poi.hwpf.converter.WordToHtmlConverter;
 import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.multipart.commons.CommonsMultipartFile;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.transform.OutputKeys;
 import javax.xml.transform.Transformer;
@@ -117,6 +118,7 @@ public class WordConverterUtils {
 				DOMSource domSource = new DOMSource(htmlDocument);
 				StreamResult streamResult = new StreamResult(targetFile);
 				TransformerFactory tf = TransformerFactory.newInstance();
+				tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
 				Transformer serializer = tf.newTransformer();
 				serializer.setOutputProperty(OutputKeys.ENCODING, "utf-8");
 				serializer.setOutputProperty(OutputKeys.INDENT, "yes");

amos-boot-module/amos-boot-module-api/amos-boot-module-common-api/src/main/resources/mapper/DutyPersonShiftMapper.xml

@@ -292,7 +292,7 @@ select * from (
 		group by cd.instance_id
 ) result 
 		<if test="groupByName != null and  groupByName!='' ">
-			group by ${groupByName}
+			group by #{groupByName}
 		</if>
 	</select>
 	
@@ -335,7 +335,7 @@ select * from (
 		group by cd.instance_id
 ) result 
 		<if test="groupByName != null and  groupByName!='' ">
-			group by ${groupByName}
+			group by #{groupByName}
 		</if>
 	</select>
 	

amos-boot-module/amos-boot-module-api/amos-boot-module-common-api/src/main/resources/mapper/DynamicFormInstanceMapper.xml

@@ -54,7 +54,7 @@
         i.INSTANCE_ID instanceId,
         i.GROUP_CODE groupCode,
         <foreach collection="fieldCodes" item="value" index="key" separator=",">
-            MAX(CASE WHEN i.FIELD_CODE = #{key} THEN i.FIELD_VALUE END) as ${key}
+            MAX(CASE WHEN i.FIELD_CODE = #{key} THEN i.FIELD_VALUE END) as #{key}
         </foreach>
         from
         cb_dynamic_form_instance i
@@ -92,7 +92,7 @@
         i.INSTANCE_ID instanceId,
         i.GROUP_CODE groupCode
         <foreach collection="fieldCodes" item="value" index="key">
-            ,MAX(CASE WHEN i.FIELD_CODE = #{key} THEN i.FIELD_VALUE END) as ${key}
+            ,MAX(CASE WHEN i.FIELD_CODE = #{key} THEN i.FIELD_VALUE END) as #{key}
         </foreach>
         from
         cb_dynamic_form_instance i
@@ -107,16 +107,16 @@
             <foreach collection="params" index="key" item="value" separator="">
                 <choose>
                     <when test="fieldCodes[key] == 'like' and value !=null and value !=''">
-                        and d.${key} like concat('%',#{value},'%')
+                        and d.#{key} like concat('%',#{value},'%')
                     </when>
                     <when test="fieldCodes[key] == 'eq' and value !=null and value !=''">
-                        and d.${key} = #{value}
+                        and d.#{key} = #{value}
                     </when>
                     <when test="fieldCodes[key] == 'ge' and value !=null and value !=''">
-                        and d.${key} >= #{value}
+                        and d.#{key} >= #{value}
                     </when>
                     <when test="fieldCodes[key] == 'le' and value !=null and value !=''">
-                        and d.${key} <![CDATA[<=]]> #{value}
+                        and d.#{key} <![CDATA[<=]]> #{value}
                     </when>
                 </choose>
             </foreach>
@@ -132,9 +132,9 @@
         i.INSTANCE_ID instanceId,
         i.GROUP_CODE groupCode
         <foreach collection="fieldCodes" item="value" index="key" >
-           , MAX(CASE WHEN i.FIELD_CODE = #{key} THEN i.FIELD_VALUE END) as ${key},
+           , MAX(CASE WHEN i.FIELD_CODE = #{key} THEN i.FIELD_VALUE END) as #{key},
             IF(FIND_IN_SET(i.field_type,'radio,select,treeSelect'), MAX(CASE WHEN i.FIELD_CODE = #{key} THEN
-            i.FIELD_VALUE_LABEL END), null) as ${key}Label
+            i.FIELD_VALUE_LABEL END), null) as #{key}Label
         </foreach>
         from
         cb_dynamic_form_instance i
@@ -157,10 +157,10 @@
             <foreach collection="params" index="key" item="value" separator="">
                 <choose>
                     <when test="fieldCodes[key] == 'like' and value !=null and value !=''">
-                        and d.${key} like concat('%',#{value},'%')
+                        and d.#{key} like concat('%',#{value},'%')
                     </when>
                     <when test="fieldCodes[key] == 'eq' and value !=null and value !=''">
-                        and d.${key} = #{value}
+                        and d.#{key} = #{value}
                     </when>
                 </choose>
             </foreach>
@@ -190,7 +190,7 @@
         i.INSTANCE_ID instanceId,
         i.GROUP_CODE groupCode
         <foreach collection="fieldCodes" item="value" index="key" >
-          , MAX(CASE WHEN i.FIELD_CODE = #{key} THEN i.FIELD_VALUE END) as ${key}
+          , MAX(CASE WHEN i.FIELD_CODE = #{key} THEN i.FIELD_VALUE END) as #{key}
         </foreach>
         from
         cb_dynamic_form_instance i
@@ -211,10 +211,10 @@
             <foreach collection="params" index="key" item="value" separator="">
                 <choose>
                     <when test="fieldCodes[key] == 'like' and value !=null and value !=''">
-                        and d.${key} like concat('%',#{value},'%')
+                        and d.#{key} like concat('%',#{value},'%')
                     </when>
                     <when test="fieldCodes[key] == 'eq' and value !=null and value !=''">
-                        and d.${key} = #{value}
+                        and d.#{key} = #{value}
                     </when>
                 </choose>
             </foreach>
@@ -234,7 +234,7 @@
         i.INSTANCE_ID instanceId,
         i.GROUP_CODE groupCode,
         <foreach collection="fieldCodes" item="value" index="key" separator=",">
-            MAX(CASE WHEN i.FIELD_CODE = #{key} THEN i.FIELD_VALUE END) as ${key}
+            MAX(CASE WHEN i.FIELD_CODE = #{key} THEN i.FIELD_VALUE END) as #{key}
         </foreach>
         from
         cb_dynamic_form_instance i
@@ -274,7 +274,7 @@
         i.INSTANCE_ID instanceId,
         i.GROUP_CODE groupCode,
         <foreach collection="fieldCodes" item="value" index="key" separator=",">
-            MAX(CASE WHEN i.FIELD_CODE = #{key} THEN i.FIELD_VALUE END) as ${key}
+            MAX(CASE WHEN i.FIELD_CODE = #{key} THEN i.FIELD_VALUE END) as #{key}
         </foreach>
         ,
         IFNULL(( SELECT c.field_value FROM cb_dynamic_form_instance c, `cb_org_usr` WHERE field_code = 'telephone' AND c.instance_id = `cb_org_usr`.sequence_nbr AND `cb_org_usr`.sequence_nbr = MAX(CASE WHEN i.FIELD_CODE = 'userId' THEN i.FIELD_VALUE END) ), "" ) AS telephone
@@ -333,9 +333,9 @@
         i.INSTANCE_ID instanceId,
         i.GROUP_CODE groupCode
         <foreach collection="fieldCodes" item="value" index="key" >
-            ,MAX(CASE WHEN i.FIELD_CODE = #{key} THEN i.FIELD_VALUE END) as ${key},
+            ,MAX(CASE WHEN i.FIELD_CODE = #{key} THEN i.FIELD_VALUE END) as #{key},
             IF(FIND_IN_SET(i.field_type,'radio,select,treeSelect'), MAX(CASE WHEN i.FIELD_CODE = #{key} THEN
-            i.FIELD_VALUE_LABEL END), null) as ${key}Label
+            i.FIELD_VALUE_LABEL END), null) as #{key}Label
         </foreach>
         from
         cb_dynamic_form_instance i
@@ -361,16 +361,16 @@
             <foreach collection="params" index="key" item="value" separator="">
                 <choose>
                     <when test="fieldCodes[key] == 'like' and value !=null and value !=''">
-                        and d.${key} like concat('%',#{value},'%')
+                        and d.#{key} like concat('%',#{value},'%')
                     </when>
                     <when test="fieldCodes[key] == 'eq' and value !=null and value !=''">
-                        and d.${key} = #{value}
+                        and d.#{key} = #{value}
                     </when>
                     <when test="fieldCodes[key] == 'ge' and value !=null and value !=''">
-                        and d.${key} >= #{value}
+                        and d.#{key} >= #{value}
                     </when>
                     <when test="fieldCodes[key] == 'le' and value !=null and value !=''">
-                        and d.${key} <![CDATA[<=]]> #{value}
+                        and d.#{key} <![CDATA[<=]]> #{value}
                     </when>
                 </choose>
             </foreach>

amos-boot-module/amos-boot-module-api/amos-boot-module-common-api/src/main/resources/mapper/LinkageUnitMapper.xml

@@ -16,7 +16,7 @@
 		<foreach collection="fieldCodes" item="value" index="key"
 			separator=",">
 			MAX(CASE WHEN i.FIELD_CODE = #{key} THEN i.FIELD_VALUE END)
-			as ${key}
+			as #{key}
 		</foreach>
 		from
 		cb_dynamic_form_instance i

amos-boot-module/amos-boot-module-api/amos-boot-module-common-api/src/main/resources/mapper/OrgUsrMapper.xml

@@ -110,7 +110,7 @@
                                             <foreach collection="map.fieldsValue.keys" item="item">
 
                                                 <if test="item !=  'bizOrgName'">
-                                                    AND a.${item} = #{map.fieldsValue[${item}]}
+                                                    AND a.#{item} = #{map.fieldsValue[#{item}]}
                                                 </if>
 
 
@@ -218,7 +218,7 @@
             <if test="map.fieldsValue != null">
                 <foreach collection="map.fieldsValue.keys" item="item">
                     <if test="item !=  'bizOrgName'">
-                        AND a.${item} = #{map.fieldsValue[${item}]}
+                        AND a.#{item} = #{map.fieldsValue[#{item}]}
                     </if>
                 </foreach>
             </if>
@@ -251,7 +251,7 @@
         u.biz_org_code bizOrgCode,
         <if test="fields != null">
             <foreach collection="fields" item="item" separator=",">MAX(case f.field_code when #{item} then IFNULL(v.field_value_label, v.field_value)
-                end) ${item}
+                end) #{item}
             </foreach>
         </if>
         FROM

amos-boot-module/amos-boot-module-api/amos-boot-module-equip-api/src/main/java/com/yeejoin/equipmanage/common/utils/ExcelUtil.java

@@ -88,7 +88,7 @@ public class ExcelUtil
 	}
 
 	public static void createXSSFExcel(String path, String fileName, List<String> headers, List<List<String>> dataList) {
-		File file = new File(path + "\\" + fileName);
+		File file = new File(path + File.separator + fileName);
 		if (!file.isDirectory()) {
 			file.mkdirs();
 		}

amos-boot-module/amos-boot-module-api/amos-boot-module-equip-api/src/main/java/com/yeejoin/equipmanage/common/utils/WordConverterUtils.java

@@ -6,6 +6,7 @@ import org.apache.poi.xwpf.converter.xhtml.XHTMLConverter;
 import org.apache.poi.xwpf.converter.xhtml.XHTMLOptions;
 import org.apache.poi.xwpf.usermodel.XWPFDocument;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.transform.OutputKeys;
 import javax.xml.transform.Transformer;
@@ -26,7 +27,7 @@ public class WordConverterUtils {
 	/**
 	 * 图片存储相对文档路径
 	 */
-	private static String imgPath = "\\image\\";
+	private static String imgPath = File.separator + "image" + File.separator;
 
 	/**
 	 * word文档转html文档
@@ -104,6 +105,7 @@ public class WordConverterUtils {
 			DOMSource domSource = new DOMSource(htmlDocument);
 			StreamResult streamResult = new StreamResult(targetFile);
 			TransformerFactory tf = TransformerFactory.newInstance();
+			tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
 			Transformer serializer = tf.newTransformer();
 			serializer.setOutputProperty(OutputKeys.ENCODING, "utf-8");
 			serializer.setOutputProperty(OutputKeys.INDENT, "yes");
@@ -150,6 +152,7 @@ public class WordConverterUtils {
 			StringWriter stringWriter = new StringWriter();
 			StreamResult streamResult = new StreamResult(stringWriter);
 			TransformerFactory tf = TransformerFactory.newInstance();
+			tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
 			Transformer serializer = tf.newTransformer();
 			serializer.setOutputProperty(OutputKeys.ENCODING, "utf-8");
 			serializer.setOutputProperty(OutputKeys.INDENT, "yes");

amos-boot-module/amos-boot-module-api/amos-boot-module-equip-api/src/main/java/com/yeejoin/equipmanage/common/utils/WordHtml.java

@@ -15,6 +15,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.w3c.dom.Document;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.*;
@@ -119,6 +120,7 @@ public class WordHtml implements AbstractHtml {
       streamResult = new StreamResult(out);
 
       TransformerFactory tf = TransformerFactory.newInstance();
+      tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
       // 创建执行从 Source 到 Result 的复制的新 Transformer。
       Transformer serializer = tf.newTransformer();
       serializer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); // 文件编码方式
@@ -209,7 +211,9 @@ public class WordHtml implements AbstractHtml {
           //讲转换后的结果输出到 stm 中即 F:\123.html
           Result result=new StreamResult(stm);
           //根据XSL文件创建准个转换对象
-          Transformer transformer=TransformerFactory.newInstance().newTransformer(template);
+        TransformerFactory transformerFactory = TransformerFactory.newInstance();
+        transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+          Transformer transformer=transformerFactory.newTransformer(template);
           //处理xml进行交换
           transformer.transform(source, result);
       } catch (FileNotFoundException e) {

amos-boot-module/amos-boot-module-api/amos-boot-module-equip-api/src/main/java/com/yeejoin/equipmanage/common/utils/XJConstant.java

@@ -246,8 +246,6 @@ public class XJConstant {
      * xunjian
      */
     public static final String TABLE_USERS = "Users";
-    public static final String EDIT_PWD = "editPassword";
-    public static final String EDIT_NOT_PWD = "editUsersInfo";
     public static final String SAVE_USERS = "saveTableById";
     public static final String SAVE_COM_USER = "saveComUserInfo";
     public static final String EDIT_COM_USER = "editComUserInfo";

amos-boot-module/amos-boot-module-api/amos-boot-module-jcs-api/src/main/resources/mapper/AlertCalledMapper.xml

@@ -275,17 +275,17 @@
                 and a.alert_source_code = #{alertSourceCode}
             </if>
             <if test="systemSourceCode!= null ">
-                and a.system_source_code in  (${systemSourceCode})
+                and a.system_source_code in  (#{systemSourceCode})
             </if>
             <if test="isFatherAlert != null and isFatherAlert == 'true' ">
                 and   j.alert_called_id = a.sequence_nbr
                 GROUP BY a.sequence_nbr
             </if>
             <if test="data == 'address' and data != null and lift != null ">
-                order by  CONVERT(address USING 'gbk') ${lift}  limit #{current},#{size}
+                order by  CONVERT(address USING 'gbk') #{lift}  limit #{current},#{size}
             </if>
             <if test="data != null and data != 'address' and lift != null ">
-                order by ${data}  ${lift}     limit #{current},#{size}
+                order by #{data}  #{lift}     limit #{current},#{size}
             </if>
             <if test="data == null ">
                 order by a.call_time DESC  limit #{current},#{size}
@@ -318,7 +318,7 @@
                 and a.alert_source_code = #{alertSourceCode}
             </if>
             <if test="systemSourceCode!= null ">
-                and a.system_source_code in (${systemSourceCode})
+                and a.system_source_code in (#{systemSourceCode})
             </if>
             <if test="isFatherAlert!= null and isFatherAlert == 'true' ">
                 and j.alert_called_id = a.sequence_nbr
@@ -411,10 +411,10 @@
             GROUP BY a.sequence_nbr
         </if>
         <if test="data == 'address' and data != null and lift != null ">
-            order by  CONVERT(address USING 'gbk') ${lift}  limit #{current},#{size}
+            order by  CONVERT(address USING 'gbk') #{lift}  limit #{current},#{size}
         </if>
         <if test="data != null and data != 'address' and lift != null ">
-            order by ${data}  ${lift}     limit #{current},#{size}
+            order by #{data}  #{lift}     limit #{current},#{size}
         </if>
         <if test="data == null ">
             order by a.call_time DESC  limit #{current},#{size}

amos-boot-module/amos-boot-module-api/amos-boot-module-jcs-api/src/main/resources/mapper/AlertFormValueMapper.xml

@@ -32,7 +32,7 @@
 		i.alert_type_code groupCode,
 		i.rec_date recDate,
 		<foreach collection="fieldCodes" item="item" index="key" separator=",">
-			MAX(CASE WHEN i.FIELD_CODE = #{item} THEN i.FIELD_VALUE ELSE '' END) as ${item}
+			MAX(CASE WHEN i.FIELD_CODE = #{item} THEN i.FIELD_VALUE ELSE '' END) as #{item}
 		</foreach>
 		from
 		jc_alert_form_value i

amos-boot-module/amos-boot-module-api/amos-boot-module-jcs-api/src/main/resources/mapper/AlertSubmittedMapper.xml

@@ -83,7 +83,7 @@
                 LEFT JOIN jc_template t ON s.business_type_code = t.type_code
                 AND t.format = 1
         WHERE
-            o.sequence_nbr = ${id}
+            o.sequence_nbr = #{id}
     </select>
 
 
@@ -110,7 +110,7 @@
         jc_alert_submitted a
         LEFT JOIN jc_alert_submitted_object b ON a.sequence_nbr = b.alert_submitted_id
         WHERE
-        a.alert_called_id = ${id}
+        a.alert_called_id = #{id}
         ) g
         GROUP BY
         g.business_type,
@@ -129,7 +129,7 @@
 	jc_alert_submitted a
 	LEFT JOIN jc_alert_submitted_object b ON a.sequence_nbr = b.alert_submitted_id
 	WHERE
-	a.alert_called_id =  ${id}
+	a.alert_called_id =  #{id}
     </select>
 
     <select id="getFirst" resultType="Map">

amos-boot-module/amos-boot-module-api/amos-boot-module-jcs-api/src/main/resources/mapper/PowerTransferCompanyMapper.xml

@@ -27,7 +27,7 @@ FROM
 		LEFT JOIN jc_power_transfer_company b ON a.sequence_nbr = b.power_transfer_id
 		LEFT JOIN jc_power_transfer_company_resources c ON b.sequence_nbr = c.power_transfer_company_id
 	WHERE
-		a.alert_called_id = ${id}
+		a.alert_called_id = #{id}
 	) g
 GROUP BY
 	g.company_name,

amos-boot-module/amos-boot-module-api/amos-boot-module-jcs-api/src/main/resources/mapper/PowerTransferMapper.xml

@@ -152,7 +152,7 @@
 	LEFT JOIN jc_power_transfer_company b ON a.sequence_nbr = b.power_transfer_id
 	LEFT JOIN jc_power_transfer_company_resources c ON c.power_transfer_company_id = b.sequence_nbr
     WHERE
-	a.alert_called_id = ${id}
+	a.alert_called_id = #{id}
     </select>
 
 
@@ -164,7 +164,7 @@
         LEFT JOIN jc_power_transfer_company b ON a.sequence_nbr = b.power_transfer_id
         LEFT JOIN jc_power_transfer_company_resources c ON c.power_transfer_company_id = b.sequence_nbr
         WHERE
-        a.alert_called_id = ${id}
+        a.alert_called_id = #{id}
 
 
 
@@ -187,14 +187,14 @@
         LEFT JOIN jc_power_transfer_company b ON a.sequence_nbr = b.power_transfer_id
         LEFT JOIN jc_power_transfer_company_resources c ON c.power_transfer_company_id = b.sequence_nbr
     WHERE
-        a.alert_called_id  = ${id} UNION ALL
+        a.alert_called_id  = #{id} UNION ALL
     SELECT DISTINCT
         b.company_id
     FROM
         jc_alert_submitted a
         LEFT JOIN jc_alert_submitted_object b ON a.sequence_nbr = b.alert_submitted_id
     WHERE
-        a.alert_called_id = ${id}) m
+        a.alert_called_id = #{id}) m
         </select>
 
         <select id="getPowerDataList" resultType="com.yeejoin.amos.boot.module.jcs.api.dto.PowerData">
@@ -210,7 +210,7 @@
         LEFT JOIN jc_power_transfer_company_resources c ON c.power_transfer_company_id = b.sequence_nbr
         LEFT JOIN jc_user_car u ON c.resources_id =  u.car_id
     WHERE
-        a.alert_called_id = ${id}
+        a.alert_called_id = #{id}
     </select>
 
     <select id="getPowerDataOne" resultType="com.yeejoin.amos.boot.module.jcs.api.dto.PowerData">
@@ -231,7 +231,7 @@
         on cb.instance_id  = d.id4
         ) u where
         to_days(u.duty_date) = to_days(now())
-        and   u.carId = ${carId}
+        and   u.carId = #{carId}
     </select>
 
     <select id="getPowerDataOther" resultType="com.yeejoin.amos.boot.module.jcs.api.dto.PowerData">
@@ -242,7 +242,7 @@
         LEFT JOIN jc_power_transfer_company b ON a.sequence_nbr = b.power_transfer_id
         LEFT JOIN jc_power_transfer_company_resources c ON c.power_transfer_company_id = b.sequence_nbr
     WHERE
-        a.alert_called_id = ${alertId} and c.resources_id = ${carId}  ORDER BY c.rec_date LIMIT 1
+        a.alert_called_id = #{alertId} and c.resources_id = #{carId}  ORDER BY c.rec_date LIMIT 1
     </select>
 
     <select id="getPowerDataCar" resultType="com.yeejoin.amos.boot.module.jcs.api.dto.PowerData">
@@ -277,7 +277,7 @@
         LEFT JOIN jc_power_transfer_company b ON a.sequence_nbr = b.power_transfer_id
         LEFT JOIN jc_power_transfer_company_resources c ON c.power_transfer_company_id = b.sequence_nbr
     WHERE
-        a.alert_called_id = ${id}
+        a.alert_called_id = #{id}
     GROUP BY
         b.company_id,
         b.company_name
@@ -293,8 +293,8 @@
         LEFT JOIN jc_power_transfer_company b ON a.sequence_nbr = b.power_transfer_id
         LEFT JOIN jc_power_transfer_company_resources c ON c.power_transfer_company_id = b.sequence_nbr
     WHERE
-        a.alert_called_id = ${alertCalledId}
-        AND b.company_id = ${companyId}
+        a.alert_called_id = #{alertCalledId}
+        AND b.company_id = #{companyId}
     GROUP BY
         c.resources_name ) m where m.carNum>0
     </select>

amos-boot-module/amos-boot-module-api/amos-boot-module-jcs-api/src/main/resources/mapper/VoiceRecordFileMapper.xml

@@ -45,7 +45,7 @@
         </if>
         <choose>
             <when test="sortParam != null and sortParam != '' and sortRule != null and sortRule != ''    ">
-                ORDER BY r.${sortParam} ${sortRule}
+                ORDER BY r.#{sortParam} #{sortRule}
             </when>
             <otherwise>
                 ORDER BY r.tel_start_time desc

amos-boot-module/amos-boot-module-api/amos-boot-module-precontrol-api/src/main/java/com/yeejoin/precontrol/common/fileparser/product/html/ExcelHtml.java

@@ -8,6 +8,7 @@ import org.apache.poi.hssf.converter.ExcelToHtmlConverter;
 import org.apache.poi.hssf.usermodel.HSSFWorkbook;
 import org.w3c.dom.Document;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.transform.OutputKeys;
 import javax.xml.transform.Transformer;
@@ -72,6 +73,7 @@ public class ExcelHtml implements AbstractHtml {
             StreamResult streamResult = new StreamResult(out);
 
             TransformerFactory tf = TransformerFactory.newInstance();
+            tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
             Transformer serializer = tf.newTransformer();
             serializer.setOutputProperty(OutputKeys.ENCODING, "GB2312");
             serializer.setOutputProperty(OutputKeys.INDENT, "no");

amos-boot-module/amos-boot-module-api/amos-boot-module-precontrol-api/src/main/java/com/yeejoin/precontrol/common/fileparser/product/html/WordHtml.java

@@ -31,6 +31,7 @@ import org.springframework.web.multipart.commons.CommonsMultipartFile;
 import org.w3c.dom.Document;
 
 import javax.imageio.ImageIO;
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.OutputKeys;
@@ -159,6 +160,7 @@ public class WordHtml implements AbstractHtml {
             out = new ByteArrayOutputStream();
             streamResult = new StreamResult(out);
             TransformerFactory tf = TransformerFactory.newInstance();
+            tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
             // 创建执行从 Source 到 Result 的复制的新 Transformer。
             Transformer serializer = tf.newTransformer();
             serializer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); // 文件编码方式

amos-boot-module/amos-boot-module-api/amos-boot-module-precontrol-api/src/main/java/com/yeejoin/precontrol/common/utils/WordConverterUtils.java

@@ -6,6 +6,7 @@ import org.apache.poi.xwpf.converter.xhtml.XHTMLConverter;
 import org.apache.poi.xwpf.converter.xhtml.XHTMLOptions;
 import org.apache.poi.xwpf.usermodel.XWPFDocument;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.transform.OutputKeys;
 import javax.xml.transform.Transformer;
@@ -24,7 +25,7 @@ public class WordConverterUtils {
     /**
      * 图片存储相对文档路径
      */
-    private static String imgPath = "\\image\\";
+    private static String imgPath = File.separator + "image" + File.separator;
 
     /**
      * word文档转html文档
@@ -103,6 +104,7 @@ public class WordConverterUtils {
             DOMSource domSource = new DOMSource(htmlDocument);
             StreamResult streamResult = new StreamResult(targetFile);
             TransformerFactory tf = TransformerFactory.newInstance();
+            tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
             Transformer serializer = tf.newTransformer();
             serializer.setOutputProperty(OutputKeys.ENCODING, "utf-8");
             serializer.setOutputProperty(OutputKeys.INDENT, "yes");
@@ -149,6 +151,7 @@ public class WordConverterUtils {
             StringWriter stringWriter = new StringWriter();
             StreamResult streamResult = new StreamResult(stringWriter);
             TransformerFactory tf = TransformerFactory.newInstance();
+            tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
             Transformer serializer = tf.newTransformer();
             serializer.setOutputProperty(OutputKeys.ENCODING, "utf-8");
             serializer.setOutputProperty(OutputKeys.INDENT, "yes");

amos-boot-module/amos-boot-module-api/amos-boot-module-precontrol-api/src/main/java/com/yeejoin/precontrol/common/utils/WordHtml.java

@@ -15,6 +15,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.w3c.dom.Document;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.*;
@@ -78,6 +79,7 @@ public class WordHtml implements AbstractHtml {
             out = new ByteArrayOutputStream();
             streamResult = new StreamResult(out);
             TransformerFactory tf = TransformerFactory.newInstance();
+            tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
             // 创建执行从 Source 到 Result 的复制的新 Transformer。
             Transformer serializer = tf.newTransformer();
             serializer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); // 文件编码方式
@@ -161,7 +163,9 @@ public class WordHtml implements AbstractHtml {
             //讲转换后的结果输出到 stm 中即 F:\123.html
             Result result = new StreamResult(stm);
             //根据XSL文件创建准个转换对象
-            Transformer transformer = TransformerFactory.newInstance().newTransformer(template);
+            TransformerFactory transformerFactory = TransformerFactory.newInstance();
+            transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+            Transformer transformer = transformerFactory.newTransformer(template);
             //处理xml进行交换
             transformer.transform(source, result);
         } catch (FileNotFoundException e) {

amos-boot-module/amos-boot-module-biz/amos-boot-module-fas-biz/src/main/java/com/yeejoin/amos/fas/core/util/WordConverterUtils.java

@@ -6,6 +6,7 @@ import org.apache.poi.xwpf.converter.xhtml.XHTMLConverter;
 import org.apache.poi.xwpf.converter.xhtml.XHTMLOptions;
 import org.apache.poi.xwpf.usermodel.XWPFDocument;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.transform.OutputKeys;
 import javax.xml.transform.Transformer;
@@ -26,7 +27,7 @@ public class WordConverterUtils {
 	/**
 	 * 图片存储相对文档路径
 	 */
-	private static String imgPath = "\\image\\";
+	private static String imgPath = File.separator + "image" + File.separator;
 
 	/**
 	 * word文档转html文档
@@ -104,6 +105,7 @@ public class WordConverterUtils {
 			DOMSource domSource = new DOMSource(htmlDocument);
 			StreamResult streamResult = new StreamResult(targetFile);
 			TransformerFactory tf = TransformerFactory.newInstance();
+			tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
 			Transformer serializer = tf.newTransformer();
 			serializer.setOutputProperty(OutputKeys.ENCODING, "utf-8");
 			serializer.setOutputProperty(OutputKeys.INDENT, "yes");
@@ -150,6 +152,7 @@ public class WordConverterUtils {
 			StringWriter stringWriter = new StringWriter();
 			StreamResult streamResult = new StreamResult(stringWriter);
 			TransformerFactory tf = TransformerFactory.newInstance();
+			tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
 			Transformer serializer = tf.newTransformer();
 			serializer.setOutputProperty(OutputKeys.ENCODING, "utf-8");
 			serializer.setOutputProperty(OutputKeys.INDENT, "yes");

amos-boot-module/amos-boot-module-biz/amos-boot-module-fas-biz/src/main/java/org/apache/poi/hwpf/converter/WordToHtmlConverter.java

@@ -29,6 +29,7 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Text;
 
+import javax.xml.XMLConstants;
 import javax.xml.transform.OutputKeys;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerFactory;
@@ -126,6 +127,7 @@ public class WordToHtmlConverter extends AbstractWordConverter
         StreamResult streamResult = new StreamResult( new File(args[1]) );
 
         TransformerFactory tf = TransformerFactory.newInstance();
+        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
         Transformer serializer = tf.newTransformer();
         // TODO set encoding from a command argument
         serializer.setOutputProperty( OutputKeys.ENCODING, "UTF-8" );

amos-boot-module/amos-boot-module-biz/amos-boot-module-jcs-biz/src/main/java/com/yeejoin/amos/boot/module/jcs/biz/audioToText/SocketClient.java

@@ -5,7 +5,6 @@ import org.slf4j.LoggerFactory;
 import org.springframework.scheduling.annotation.Async;
 import org.springframework.stereotype.Component;
 
-import java.io.File;
 import java.io.FileInputStream;
 import java.io.OutputStream;
 import java.net.*;
@@ -20,9 +19,9 @@ import static com.yeejoin.amos.boot.module.jcs.biz.audioToText.util.SpeechTransc
 public class SocketClient {
     private static final Logger logger = LoggerFactory.getLogger(SocketClient.class);
     private static final String[] testFilePath = {
-            "C:\\Users\\DELL\\Desktop\\yuyin\\out1.pcm",
-            "C:\\Users\\DELL\\Desktop\\yuyin\\out.pcm",
+            // * 此处写的文件路径地址不要提交到git, 国网电科院SCA扫描会报告为漏洞: 存在“便携性缺陷”
     };
+    private static final String filePath = "";  // * 此处写的文件路径地址不要提交到git, 国网电科院SCA扫描会报告为漏洞: 存在“便携性缺陷”
 
     public static void main(String[] args) throws SocketException {
         SocketClient socketClient = new SocketClient();
@@ -35,15 +34,15 @@ public class SocketClient {
         if (type >= testFilePath.length) type -= 1;
 
         try (DatagramSocket datagramSocket = new DatagramSocket();
-             FileInputStream fis = new FileInputStream(new File("C:\\Users\\DELL\\Desktop\\ffmpeg-4.4-full_build-shared\\bin\\out.pcm"));) {
+             FileInputStream fis = new FileInputStream(filePath);) {
             byte[] b = new byte[1280];
             int len;
             while ((len = fis.read(b)) > 0) {
-                String logs= String.format("send data pack length: %s",len);
+                String logs = String.format("send data pack length: %s", len);
 
-                logger.error( logs);
+                logger.error(logs);
 
-                datagramSocket.send(new DatagramPacket(b, b.length,InetAddress.getLocalHost(), port));
+                datagramSocket.send(new DatagramPacket(b, b.length, InetAddress.getLocalHost(), port));
                 int deltaSleep = getSleepDelta(len, 16000);
                 Thread.sleep(deltaSleep);
                 TimeUnit.MILLISECONDS.sleep(100);
@@ -60,17 +59,14 @@ public class SocketClient {
         if (type >= testFilePath.length) type -= 1;
 
         try (Socket socket = new Socket();
-             FileInputStream fis = new FileInputStream(new File(testFilePath[type]));) {
+             FileInputStream fis = new FileInputStream(testFilePath[type]);) {
             socket.connect(new InetSocketAddress(InetAddress.getLocalHost().getHostAddress(), port));
             OutputStream outputStream = socket.getOutputStream();
             byte[] b = new byte[4096];
             int len;
             while ((len = fis.read(b)) > 0) {
-
-
-                String logs= String.format("send data pack length: %s",len);
-
-                logger.error( logs);
+                String logs = String.format("send data pack length: %s", len);
+                logger.error(logs);
                 outputStream.write(b);
                 TimeUnit.MILLISECONDS.sleep(200);
             }

amos-boot-module/amos-boot-module-biz/amos-boot-module-jcs-biz/src/main/java/com/yeejoin/amos/boot/module/jcs/biz/audioToText/util/SpeechTranscriberDemo.java

@@ -220,7 +220,7 @@ public class SpeechTranscriberDemo {
             System.exit(-1);
         }*/
         //本案例使用本地文件模拟发送实时流数据。您在实际使用时，可以实时采集或接收语音流并发送到ASR服务端。
-        String filepath = "C:\\Users\\DELL\\Desktop\\ffmpeg-4.4-full_build-shared\\bin\\1839.pcm";
+        String filepath = "";  // * 此处写的文件路径地址不要提交到git, 国网电科院SCA扫描会报告为漏洞: 存在“便携性缺陷”
         SpeechTranscriberDemo demo = new SpeechTranscriberDemo(appKey, id, secret, url);
         demo.process(filepath);
         demo.shutdown();

amos-boot-module/amos-boot-module-biz/amos-boot-module-latentdanger-biz/src/main/java/com/yeejoin/amos/latentdanger/business/constants/Constants.java

@@ -231,8 +231,6 @@ public class Constants {
      * xunjian
      */
     public static final String TABLE_USERS = "Users";
-    public static final String EDIT_PWD = "editPassword";
-    public static final String EDIT_NOT_PWD = "editUsersInfo";
     public static final String SAVE_USERS = "saveTableById";
     public static final String SAVE_COM_USER = "saveComUserInfo";
     public static final String EDIT_COM_USER = "editComUserInfo";

amos-boot-module/amos-boot-module-biz/amos-boot-module-latentdanger-biz/src/main/java/com/yeejoin/amos/latentdanger/business/util/WordHtml.java

@@ -15,6 +15,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.w3c.dom.Document;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.*;
@@ -118,6 +119,7 @@ public class WordHtml implements AbstractHtml {
       streamResult = new StreamResult(out);
 
       TransformerFactory tf = TransformerFactory.newInstance();
+      tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
       // 创建执行从 Source 到 Result 的复制的新 Transformer。
       Transformer serializer = tf.newTransformer();
       serializer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); // 文件编码方式
@@ -208,7 +210,9 @@ public class WordHtml implements AbstractHtml {
           //讲转换后的结果输出到 stm 中即 F:\123.html
           Result result=new StreamResult(stm);
           //根据XSL文件创建准个转换对象
-          Transformer transformer=TransformerFactory.newInstance().newTransformer(template);
+        TransformerFactory transformerFactory = TransformerFactory.newInstance();
+        transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+        Transformer transformer= transformerFactory.newTransformer(template);
           //处理xml进行交换
           transformer.transform(source, result);
       } catch (FileNotFoundException e) {

amos-boot-module/amos-boot-module-biz/amos-boot-module-maintenance-biz/src/main/java/com/yeejoin/amos/maintenance/business/constants/XJConstant.java

@@ -263,8 +263,6 @@ public class XJConstant {
      * xunjian
      */
     public static final String TABLE_USERS = "Users";
-    public static final String EDIT_PWD = "editPassword";
-    public static final String EDIT_NOT_PWD = "editUsersInfo";
     public static final String SAVE_USERS = "saveTableById";
     public static final String SAVE_COM_USER = "saveComUserInfo";
     public static final String EDIT_COM_USER = "editComUserInfo";

amos-boot-module/amos-boot-module-biz/amos-boot-module-maintenance-biz/src/main/java/com/yeejoin/amos/maintenance/business/controller/CheckController.java

@@ -40,6 +40,7 @@ import org.typroject.tyboot.core.restful.utils.ResponseHelper;
 import org.typroject.tyboot.core.restful.utils.ResponseModel;
 
 import javax.servlet.http.HttpServletResponse;
+import javax.xml.XMLConstants;
 import javax.xml.transform.*;
 import javax.xml.transform.stream.StreamResult;
 import javax.xml.transform.stream.StreamSource;
@@ -387,7 +388,9 @@ public class CheckController extends AbstractBaseController {
             }
 
             Result result = new StreamResult(html);
-            Transformer transformer = TransformerFactory.newInstance().newTransformer(template);
+            TransformerFactory transformerFactory = TransformerFactory.newInstance();
+            transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+            Transformer transformer = transformerFactory.newTransformer(template);
 
             transformer.transform(source, result);
 

amos-boot-module/amos-boot-module-biz/amos-boot-module-maintenance-biz/src/main/java/com/yeejoin/amos/maintenance/business/controller/TaskController.java

@@ -40,6 +40,7 @@ import org.typroject.tyboot.core.foundation.enumeration.UserType;
 import org.typroject.tyboot.core.restful.doc.TycloudOperation;
 
 import javax.servlet.http.HttpServletResponse;
+import javax.xml.XMLConstants;
 import javax.xml.transform.*;
 import javax.xml.transform.stream.StreamResult;
 import javax.xml.transform.stream.StreamSource;
@@ -195,7 +196,9 @@ public class TaskController extends AbstractBaseController{
 	        }
 
 	        Result result=new StreamResult(html);
-	        Transformer transformer  =TransformerFactory.newInstance().newTransformer(template);
+			 TransformerFactory transformerFactory = TransformerFactory.newInstance();
+			 transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+			 Transformer transformer  = transformerFactory.newTransformer(template);
 			transformer.transform(source, result);
 
 			File htmlFile = new File(html);

amos-boot-module/amos-boot-module-biz/amos-boot-module-maintenance-biz/src/main/java/com/yeejoin/amos/maintenance/business/util/WordHtml.java

@@ -15,6 +15,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.w3c.dom.Document;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.*;
@@ -118,6 +119,7 @@ public class WordHtml implements AbstractHtml {
       streamResult = new StreamResult(out);
 
       TransformerFactory tf = TransformerFactory.newInstance();
+      tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
       // 创建执行从 Source 到 Result 的复制的新 Transformer。
       Transformer serializer = tf.newTransformer();
       serializer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); // 文件编码方式
@@ -208,7 +210,9 @@ public class WordHtml implements AbstractHtml {
           //讲转换后的结果输出到 stm 中即 F:\123.html
           Result result=new StreamResult(stm);
           //根据XSL文件创建准个转换对象
-          Transformer transformer=TransformerFactory.newInstance().newTransformer(template);
+        TransformerFactory transformerFactory = TransformerFactory.newInstance();
+        transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+        Transformer transformer= transformerFactory.newTransformer(template);
           //处理xml进行交换
           transformer.transform(source, result);
       } catch (FileNotFoundException e) {

amos-boot-module/amos-boot-module-biz/amos-boot-module-patrol-biz/src/main/java/com/yeejoin/amos/patrol/business/constants/XJConstant.java

@@ -263,8 +263,6 @@ public class XJConstant {
      * xunjian
      */
     public static final String TABLE_USERS = "Users";
-    public static final String EDIT_PWD = "editPassword";
-    public static final String EDIT_NOT_PWD = "editUsersInfo";
     public static final String SAVE_USERS = "saveTableById";
     public static final String SAVE_COM_USER = "saveComUserInfo";
     public static final String EDIT_COM_USER = "editComUserInfo";

amos-boot-module/amos-boot-module-biz/amos-boot-module-patrol-biz/src/main/java/com/yeejoin/amos/patrol/business/controller/CheckController.java

@@ -31,6 +31,7 @@ import com.yeejoin.amos.patrol.mqtt.WebMqttComponent;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
+import org.apache.commons.io.FilenameUtils;
 import org.apache.commons.io.IOUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -47,14 +48,15 @@ import org.typroject.tyboot.core.foundation.enumeration.UserType;
 import org.typroject.tyboot.core.restful.doc.TycloudOperation;
 
 import javax.servlet.http.HttpServletResponse;
+import javax.xml.XMLConstants;
 import javax.xml.transform.*;
 import javax.xml.transform.stream.StreamResult;
 import javax.xml.transform.stream.StreamSource;
 import java.io.*;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.*;
 import java.util.concurrent.CompletableFuture;
 import java.util.stream.Collectors;
 
@@ -848,16 +850,19 @@ public class CheckController extends AbstractBaseController {
             return CommonResponseUtil.failure();
         }
         InputStream inputStream = new ByteArrayInputStream(xml.getBytes());
-        ;
         Source source = new StreamSource(inputStream);
         try {
-            FileInputStream fis1 = new FileInputStream(
-                    this.getClass().getResource("/").getPath() + "temp/checkTemplate.xsl");
+            String filePath = Objects.requireNonNull(this.getClass().getResource("/")).getPath() + "temp" + File.separator + "checkTemplate.xsl";
+            if (Files.notExists(Paths.get(filePath))) {
+                throw new RuntimeException("模板文件不存在");
+            }
+            FileInputStream fis1 = new FileInputStream(FilenameUtils.normalize(filePath));
             Source template = new StreamSource(fis1);
             Date date = new Date();
             String path = request.getSession().getServletContext().getRealPath("/");
-            String dir = path.substring(0, path.indexOf(File.separator) + 1) + "check";
-            String html = path.substring(0, path.indexOf(File.separator) + 1) + "check" + File.separator + "task_"
+            String subPath = path.substring(0, path.indexOf(File.separator) + 1);
+            String dir = subPath + "check";
+            String html = subPath + "check" + File.separator + "task_"
                     + date.getTime() + ".html";
             File dirFile = new File(dir);
             if (!dirFile.exists()) {
@@ -865,13 +870,15 @@ public class CheckController extends AbstractBaseController {
             }
 
             Result result = new StreamResult(html);
-            Transformer transformer = TransformerFactory.newInstance().newTransformer(template);
+            TransformerFactory transformerFactory = TransformerFactory.newInstance();
+            transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+            Transformer transformer = transformerFactory.newTransformer(template);
 
             transformer.transform(source, result);
 
             File htmlFile = new File(html);
             FileInputStream fis = new FileInputStream(htmlFile);
-            String data = IOUtils.toString(fis, "utf-8");
+            String data = IOUtils.toString(fis, StandardCharsets.UTF_8);
             fis.close();
             if (htmlFile.exists()) {
                 htmlFile.delete();

amos-boot-module/amos-boot-module-biz/amos-boot-module-patrol-biz/src/main/java/com/yeejoin/amos/patrol/business/controller/TaskController.java

@@ -40,6 +40,7 @@ import org.typroject.tyboot.core.foundation.enumeration.UserType;
 import org.typroject.tyboot.core.restful.doc.TycloudOperation;
 
 import javax.servlet.http.HttpServletResponse;
+import javax.xml.XMLConstants;
 import javax.xml.transform.*;
 import javax.xml.transform.stream.StreamResult;
 import javax.xml.transform.stream.StreamSource;
@@ -195,7 +196,9 @@ public class TaskController extends AbstractBaseController{
 	        }
 
 	        Result result=new StreamResult(html);
-	        Transformer transformer  =TransformerFactory.newInstance().newTransformer(template);
+			 TransformerFactory transformerFactory = TransformerFactory.newInstance();
+			 transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+	        Transformer transformer  = transformerFactory.newTransformer(template);
 			transformer.transform(source, result);
 
 			File htmlFile = new File(html);

amos-boot-module/amos-boot-module-biz/amos-boot-module-patrol-biz/src/main/java/com/yeejoin/amos/patrol/business/util/WordHtml.java

@@ -15,6 +15,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.w3c.dom.Document;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.*;
@@ -118,6 +119,7 @@ public class WordHtml implements AbstractHtml {
       streamResult = new StreamResult(out);
 
       TransformerFactory tf = TransformerFactory.newInstance();
+      tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
       // 创建执行从 Source 到 Result 的复制的新 Transformer。
       Transformer serializer = tf.newTransformer();
       serializer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); // 文件编码方式
@@ -204,11 +206,13 @@ public class WordHtml implements AbstractHtml {
           fis1 = new FileInputStream(xsltPath);
           Source template=new StreamSource(fis1);
 
-          PrintStream stm=new PrintStream(new File(hrmlPath));
+          PrintStream stm=new PrintStream(hrmlPath);
           //讲转换后的结果输出到 stm 中即 F:\123.html
           Result result=new StreamResult(stm);
           //根据XSL文件创建准个转换对象
-          Transformer transformer=TransformerFactory.newInstance().newTransformer(template);
+        TransformerFactory transformerFactory = TransformerFactory.newInstance();
+        transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+        Transformer transformer= transformerFactory.newTransformer(template);
           //处理xml进行交换
           transformer.transform(source, result);
       } catch (FileNotFoundException e) {

amos-boot-module/amos-boot-module-biz/amos-boot-module-supervision-biz/src/main/java/com/yeejoin/amos/supervision/business/constants/XJConstant.java

@@ -263,8 +263,6 @@ public class XJConstant {
      * xunjian
      */
     public static final String TABLE_USERS = "Users";
-    public static final String EDIT_PWD = "editPassword";
-    public static final String EDIT_NOT_PWD = "editUsersInfo";
     public static final String SAVE_USERS = "saveTableById";
     public static final String SAVE_COM_USER = "saveComUserInfo";
     public static final String EDIT_COM_USER = "editComUserInfo";

amos-boot-module/amos-boot-module-biz/amos-boot-module-supervision-biz/src/main/java/com/yeejoin/amos/supervision/business/controller/CheckController.java

@@ -46,6 +46,7 @@ import org.typroject.tyboot.core.restful.utils.ResponseHelper;
 import org.typroject.tyboot.core.restful.utils.ResponseModel;
 
 import javax.servlet.http.HttpServletResponse;
+import javax.xml.XMLConstants;
 import javax.xml.transform.*;
 import javax.xml.transform.stream.StreamResult;
 import javax.xml.transform.stream.StreamSource;
@@ -420,7 +421,9 @@ public class CheckController extends AbstractBaseController {
             }
 
             Result result = new StreamResult(html);
-            Transformer transformer = TransformerFactory.newInstance().newTransformer(template);
+            TransformerFactory transformerFactory = TransformerFactory.newInstance();
+            transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+            Transformer transformer = transformerFactory.newTransformer(template);
 
             transformer.transform(source, result);
 

amos-boot-module/amos-boot-module-biz/amos-boot-module-supervision-biz/src/main/java/com/yeejoin/amos/supervision/business/controller/TaskController.java

@@ -40,6 +40,7 @@ import org.typroject.tyboot.core.foundation.enumeration.UserType;
 import org.typroject.tyboot.core.restful.doc.TycloudOperation;
 
 import javax.servlet.http.HttpServletResponse;
+import javax.xml.XMLConstants;
 import javax.xml.transform.*;
 import javax.xml.transform.stream.StreamResult;
 import javax.xml.transform.stream.StreamSource;
@@ -194,8 +195,10 @@ public class TaskController extends AbstractBaseController{
 	        	dirFile.mkdirs();
 	        }
 
-	        Result result=new StreamResult(html);
-	        Transformer transformer  =TransformerFactory.newInstance().newTransformer(template);
+			 Result result = new StreamResult(html);
+			 TransformerFactory transformerFactory = TransformerFactory.newInstance();
+			 transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+			 Transformer transformer = transformerFactory.newTransformer(template);
 			 transformer.transform(source, result);
 
 			File htmlFile = new File(html);

amos-boot-module/amos-boot-module-biz/amos-boot-module-supervision-biz/src/main/java/com/yeejoin/amos/supervision/business/util/WordHtml.java

@@ -15,6 +15,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.w3c.dom.Document;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.*;
@@ -118,6 +119,7 @@ public class WordHtml implements AbstractHtml {
       streamResult = new StreamResult(out);
 
       TransformerFactory tf = TransformerFactory.newInstance();
+      tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
       // 创建执行从 Source 到 Result 的复制的新 Transformer。
       Transformer serializer = tf.newTransformer();
       serializer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); // 文件编码方式
@@ -208,7 +210,9 @@ public class WordHtml implements AbstractHtml {
           //讲转换后的结果输出到 stm 中即 F:\123.html
           Result result=new StreamResult(stm);
           //根据XSL文件创建准个转换对象
-          Transformer transformer=TransformerFactory.newInstance().newTransformer(template);
+        TransformerFactory transformerFactory = TransformerFactory.newInstance();
+        transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+        Transformer transformer= transformerFactory.newTransformer(template);
           //处理xml进行交换
           transformer.transform(source, result);
       } catch (FileNotFoundException e) {

amos-boot-system-equip/src/main/resources/mapper/FormInstanceEquipMapper.xml

@@ -15,7 +15,7 @@
         i.INSTANCE_ID instanceId,
         i.GROUP_CODE groupCode,
         <foreach collection="fieldNames" item="value" index="key" separator=",">
-            MAX(CASE WHEN i.FIELD_NAME = #{key} THEN i.FIELD_VALUE END) as ${key}
+            MAX(CASE WHEN i.FIELD_NAME = #{key} THEN i.FIELD_VALUE END) as #{key}
         </foreach>
         from
         wl_form_instance_equip i
@@ -28,10 +28,10 @@
             <foreach collection="params" index="key" item="value" separator="">
                 <choose>
                     <when test="fieldNames[key] == 'like' and value !=null and value !=''">
-                        and d.${key} like concat('%',#{value},'%')
+                        and d.#{key} like concat('%',#{value},'%')
                     </when>
                     <when test="fieldNames[key] == 'eq' and value !=null and value !=''">
-                        and d.${key} = #{value}
+                        and d.#{key} = #{value}
                     </when>
                 </choose>
             </foreach>
@@ -67,7 +67,7 @@
         i.INSTANCE_ID instanceId,
         i.GROUP_CODE groupCode
         <foreach collection="fieldNames" item="value" open="," index="key" separator=",">
-            MAX( CASE WHEN i.FIELD_NAME = #{key} THEN i.FIELD_VALUE END) ${key}
+            MAX( CASE WHEN i.FIELD_NAME = #{key} THEN i.FIELD_VALUE END) #{key}
         </foreach>
         from
         wl_form_instance_equip i
@@ -80,10 +80,10 @@
             <foreach collection="params" index="key" item="value" separator="">
                 <choose>
                     <when test="fieldNames[key] == 'like' and value !=null and value !=''">
-                        AND d.${key} like concat('%',#{value},'%')
+                        AND d.#{key} like concat('%',#{value},'%')
                     </when>
                     <when test="fieldNames[key] == 'eq' and value !=null and value !=''">
-                        AND d.${key} = #{value}
+                        AND d.#{key} = #{value}
                     </when>
                 </choose>
 

amos-boot-system-equip/src/main/resources/mapper/FormInstanceMapper.xml

@@ -15,7 +15,7 @@
         i.INSTANCE_ID instanceId,
         i.GROUP_CODE groupCode,
         <foreach collection="fieldNames" item="value" index="key" separator=",">
-            MAX(CASE WHEN i.FIELD_NAME = #{key} THEN i.FIELD_VALUE END) as ${key}
+            MAX(CASE WHEN i.FIELD_NAME = #{key} THEN i.FIELD_VALUE END) as #{key}
         </foreach>
         from
         wl_form_instance i
@@ -28,10 +28,10 @@
             <foreach collection="params" index="key" item="value" separator="">
                 <choose>
                     <when test="fieldNames[key] == 'like' and value !=null and value !=''">
-                        and d.${key} like concat('%',#{value},'%')
+                        and d.#{key} like concat('%',#{value},'%')
                     </when>
                     <when test="fieldNames[key] == 'eq' and value !=null and value !=''">
-                        and d.${key} = #{value}
+                        and d.#{key} = #{value}
                     </when>
                 </choose>
             </foreach>
@@ -67,7 +67,7 @@
         i.INSTANCE_ID instanceId,
         i.GROUP_CODE groupCode
         <foreach collection="fieldNames" item="value" open="," index="key" separator=",">
-            MAX( CASE WHEN i.FIELD_NAME = #{key} THEN i.FIELD_VALUE END) ${key}
+            MAX( CASE WHEN i.FIELD_NAME = #{key} THEN i.FIELD_VALUE END) #{key}
         </foreach>
         from
         wl_form_instance i
@@ -80,10 +80,10 @@
             <foreach collection="params" index="key" item="value" separator="">
                 <choose>
                     <when test="fieldNames[key] == 'like' and value !=null and value !=''">
-                        AND d.${key} like concat('%',#{value},'%')
+                        AND d.#{key} like concat('%',#{value},'%')
                     </when>
                     <when test="fieldNames[key] == 'eq' and value !=null and value !=''">
-                        AND d.${key} = #{value}
+                        AND d.#{key} = #{value}
                     </when>
                 </choose>
 

amos-boot-system-knowledgebase/src/main/resources/mapper/KnowledgeDocContentMapper.xml

@@ -38,7 +38,7 @@
             and dc.USER_ID = #{userId}
         </if>
         <if test="orgCode != null and orgCode !=''">
-            and dc.ORG_CODE like '%${orgCode}%'
+            and dc.ORG_CODE like '%#{orgCode}%'
         </if>
                 )
         UNION ALL
@@ -70,7 +70,7 @@
 		                and dc.USER_ID = #{userId}
         </if>
         <if test="orgCode != null and orgCode !=''">
-		                and dc.ORG_CODE like '%${orgCode}%'
+		                and dc.ORG_CODE like '%#{orgCode}%'
         </if>
                 )
                 )d LIMIT #{offset},#{length}
@@ -84,7 +84,7 @@
           (SELECT kdc.CATEGORY_NAME FROM knowledge_doc_category kdc WHERE kdc.SEQUENCE_NBR = DIRECTORY_ID) directoryName,
           <if test="extraFields != null and extraFields.size > 0">
             <foreach collection="extraFields" item="_field" >
-                ${_field},
+                #{_field},
             </foreach>
           </if>
           IFNULL(collectNum, 0) collectNum, IFNULL(quoteNum, 0) quoteNum, IFNULL(collect, "UNCOLLECT") collect
@@ -92,7 +92,7 @@
             SELECT INSTANCE_ID
               <if test="extraFields != null and extraFields.size > 0">
                   <foreach collection="extraFields" item="_field" >
-                      , MAX(CASE FIELD_NAME WHEN #{_field} THEN FIELD_VALUE ELSE NULL END) AS ${_field}
+                      , MAX(CASE FIELD_NAME WHEN #{_field} THEN FIELD_VALUE ELSE NULL END) AS #{_field}
                   </foreach>
               </if>
             FROM knowledge_dynamics_value
@@ -166,7 +166,7 @@
             </if>
             <if test="extraStrFilters != null and extraStrFilters.size > 0">
                 <foreach collection="extraStrFilters" item="str">
-                    AND ${str}
+                    AND #{str}
                 </foreach>
             </if>
         </where>
@@ -181,7 +181,7 @@
             SELECT INSTANCE_ID
                 <if test="extraFields != null and extraFields.size > 0">
                     <foreach collection="extraFields" item="_field" >
-                        , MAX(CASE FIELD_NAME WHEN #{_field} THEN FIELD_VALUE ELSE NULL END) AS ${_field}
+                        , MAX(CASE FIELD_NAME WHEN #{_field} THEN FIELD_VALUE ELSE NULL END) AS #{_field}
                     </foreach>
                 </if>
             FROM knowledge_dynamics_value
@@ -255,7 +255,7 @@
             </if>
             <if test="extraStrFilters != null and extraStrFilters.size > 0">
                 <foreach collection="extraStrFilters" item="str">
-                    AND ${str}
+                    AND #{str}
                 </foreach>
             </if>
         </where>

amos-boot-system-knowledgebase/src/main/resources/mapper/StatisticsRecordMapper.xml

@@ -343,7 +343,7 @@
 	<select id="tagChartStatistics" resultType="java.util.Map"
 		parameterType="java.util.Map">
 		SELECT
-		COUNT(1) AS datas,${splitSQL} AS level
+		COUNT(1) AS datas,#{splitSQL} AS level
 		FROM
 		knowledge_doc_content kdc
 		LEFT JOIN knowledge_tag_instance kti ON kti.TARGET_SEQ = kdc.SEQUENCE_NBR
@@ -353,7 +353,7 @@
 		WHERE
 	    kti.TAG_NAME = #{tag} AND ktv_time.TAG_VALUE BETWEEN #{startDate} AND #{endDate}
 		GROUP BY
-		${splitSQL}
+		#{splitSQL}
 	</select>
 
 	<select id="docChartStatistics" resultType="java.util.Map"
@@ -384,7 +384,7 @@
 	<select id="tagTimeChartStatistics" resultType="java.util.Map"
 		parameterType="java.util.Map">
 		SELECT
-			COUNT(1) AS datas ,${splitSQL} AS level
+			COUNT(1) AS datas ,#{splitSQL} AS level
 		FROM
 			(
 			SELECT
@@ -409,7 +409,7 @@
 			WHERE
 			   ktv_time.TAG_VALUE BETWEEN #{startDate} AND #{endDate}
 			GROUP BY
-				${splitSQL}
+				#{splitSQL}
 	</select>
 	
 	<select id="docBurnChartStatistics" resultType="java.util.Map"

amos-boot-system-patrol/src/main/resources/db/changelog/init/security-table-map.sql

@@ -25,7 +25,7 @@ CREATE TABLE `s_company` (
   UNIQUE KEY `comp_code` (`comp_code`) USING BTREE,
   UNIQUE KEY `comp_code_2` (`comp_code`) USING BTREE,
   KEY `FK__s_company__s_site_id__38495279` (`site_id`) USING BTREE
-) ENGINE=FEDERATED DEFAULT CHARSET=utf8 CONNECTION='mysql://root:admin_1234@172.16.11.33:3306/safety-precontrol_security_60/s_company';
+) ENGINE=FEDERATED DEFAULT CHARSET=utf8;
 
 DROP TABLE IF EXISTS `s_department`;
 CREATE TABLE `s_department` (
@@ -42,7 +42,7 @@ CREATE TABLE `s_department` (
   `is_delete` bit(1) NOT NULL COMMENT '是否删除：0表示未删除，1表示已删除',
   PRIMARY KEY (`id`),
   KEY `FK__s_departm__compa__74794A92` (`company_id`) USING BTREE
-) ENGINE=FEDERATED DEFAULT CHARSET=utf8 CONNECTION='mysql://root:admin_1234@172.16.11.33:3306/safety-precontrol_security_60/s_department';
+) ENGINE=FEDERATED DEFAULT CHARSET=utf8;
 
 DROP TABLE IF EXISTS `s_user`;
 CREATE TABLE `s_user` (
@@ -73,6 +73,6 @@ CREATE TABLE `s_user` (
   KEY `FK__s_user__departme__7D0E9093` (`department_id`) USING BTREE,
   KEY `FK__s_user__role_id__7E02B4CC` (`role_id`) USING BTREE,
   KEY `FK__s_user__company___7C1A6C5A` (`company_id`) USING BTREE
-) ENGINE=FEDERATED DEFAULT CHARSET=utf8 CONNECTION='mysql://root:admin_1234@172.16.11.33:3306/safety-precontrol_security_60/s_user';
+) ENGINE=FEDERATED DEFAULT CHARSET=utf8;
 
 

amos-boot-system-patrol/src/main/resources/db/mapper/TaskReportMapper.xml

@@ -258,13 +258,13 @@
 		<if test="orgCode != null and orgCode !=''" >
 			And pp.org_code= #{orgCode}
 		</if>
-		AND d.create_date &gt;= '${startDate}'
-		AND d.create_date &lt;= '${endDate}'
+		AND d.create_date &gt;= '#{startDate}'
+		AND d.create_date &lt;= '#{endDate}'
 		<if test="planId != null and planId !=''" >
-			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.plan_id = ${planId})
+			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.plan_id = #{planId})
 		</if>
 		<if test="routeId != null and routeId !=''" >
-			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.route_id = ${routeId})
+			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.route_id = #{routeId})
 		</if>
 		) p
 		GROUP BY
@@ -532,16 +532,16 @@
 		LEFT JOIN p_plan_task pt  on pt.id = d.task_no
 		LEFT JOIN p_plan  pl on  pt.plan_id=pl.id
 		WHERE
-		    d.create_date &gt;= '${startDate}'
-		AND d.create_date &lt;= '${endDate}'
+		    d.create_date &gt;= '#{startDate}'
+		AND d.create_date &lt;= '#{endDate}'
 		<if test="orgCode != null and orgCode !=''" >
 			And (pl.org_code LIKE CONCAT( #{orgCode}, '-%' ) or pl.org_code= #{orgCode} )
 		</if>
 		<if test="planId != null and planId !=''" >
-			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.plan_id = ${planId})
+			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.plan_id = #{planId})
 		</if>
 		<if test="routeId != null and routeId !=''" >
-			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.route_id = ${routeId})
+			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.route_id = #{routeId})
 		</if>
 		) p
 		GROUP BY
@@ -812,13 +812,13 @@
 		<if test="orgCode != null and orgCode !=''" >
 			And (pt.org_code LIKE CONCAT( #{orgCode}, '-%' ) or pt.org_code= #{orgCode} )
 		</if>
-		AND d.create_date &gt;= '${startDate}'
-		AND d.create_date &lt;= '${endDate}'
+		AND d.create_date &gt;= '#{startDate}'
+		AND d.create_date &lt;= '#{endDate}'
 		<if test="planId != null and planId !=''" >
-			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.plan_id = ${planId})
+			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.plan_id = #{planId})
 		</if>
 		<if test="routeId != null and routeId !=''" >
-			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.route_id = ${routeId})
+			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.route_id = #{routeId})
 		</if>
 		) p
 		GROUP BY
@@ -1089,13 +1089,13 @@
 		<if test="orgCode != null and orgCode !=''" >
 			And (pp.org_code LIKE CONCAT( #{orgCode}, '-%' ) or pp.org_code= #{orgCode} )
 		</if>
-		AND d.create_date &gt;= '${startDate}'
-		AND d.create_date &lt;= '${endDate}'
+		AND d.create_date &gt;= '#{startDate}'
+		AND d.create_date &lt;= '#{endDate}'
 		<if test="planId != null and planId !=''" >
-			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.plan_id = ${planId})
+			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.plan_id = #{planId})
 		</if>
 		<if test="routeId != null and routeId !=''" >
-			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.route_id = ${routeId})
+			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.route_id = #{routeId})
 		</if>
 		) p
 		GROUP BY
@@ -1366,13 +1366,13 @@
 		<if test="orgCode != null and orgCode !=''" >
 			And pr.org_code= #{orgCode}
 		</if>
-		AND d.create_date &gt;= '${startDate}'
-		AND d.create_date &lt;= '${endDate}'
+		AND d.create_date &gt;= '#{startDate}'
+		AND d.create_date &lt;= '#{endDate}'
 		<if test="planId != null and planId !=''" >
-			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.plan_id = ${planId})
+			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.plan_id = #{planId})
 		</if>
 		<if test="routeId != null and routeId !=''" >
-			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.route_id = ${routeId})
+			and EXISTS(select 1 from p_plan_task pt where pt.id = d.task_no and pt.route_id = #{routeId})
 		</if>
 		) p
 		GROUP BY
@@ -1541,8 +1541,8 @@ FROM
 		FROM
 			p_plan_task pt
 		WHERE
-			pt.end_time BETWEEN '${startTime}'
-		AND '${endTime}'
+			pt.end_time BETWEEN '#{startTime}'
+		AND '#{endTime}'
 
 		<if test="summation == 'false'">
 			GROUP BY
@@ -1683,8 +1683,8 @@ FROM
         p_plan_task pt
         WHERE
          pt.user_id >0
-        AND pt.end_time BETWEEN '${startTime}'
-        AND '${endTime}'
+        AND pt.end_time BETWEEN '#{startTime}'
+        AND '#{endTime}'
 
         <if test="summation == 'false'">
             GROUP BY

amos-boot-system-patrol/src/main/resources/db/mapper/dbTemplate_check.xml

@@ -96,7 +96,7 @@
             <if test="catalogId!=null and catalogId!=''">and b.Catalog_Id = #{catalogId}</if>
             <if test="orgCode!=null and orgCode!=''">and (a.org_Code like concat (#{orgCode},"-%")or a.org_Code= #{orgCode})</if>
             <if test="pointId!=null and pointId!=''">and a.point_id = #{pointId}</if>
-            <if test="checkTime!=null and checkTime!=''">and TO_DAYS(a.check_time) = TO_DAYS('${checkTime}')</if>
+            <if test="checkTime!=null and checkTime!=''">and TO_DAYS(a.check_time) = TO_DAYS('#{checkTime}')</if>
             <if test="departmentId!=null and departmentId!='-1'"> and find_in_set(#{departmentId}, a.dep_id) > 0</if>
             <if test="checkType == '计划检查'">and a.plan_task_id &gt; 0</if>
             <if test="checkType == '无计划检查'">and a.plan_task_id &lt;= 0</if>
@@ -150,7 +150,7 @@
             <if test="catalogId!=null and catalogId!=''">and b.Catalog_Id = #{catalogId}</if>
             <if test="orgCode!=null and orgCode!=''">and (a.org_Code like concat (#{orgCode},"-%")or a.org_Code= #{orgCode})</if>
             <if test="pointId!=null and pointId!=''">and a.point_id = #{pointId}</if>
-            <if test="checkTime!=null and checkTime!=''">and TO_DAYS(a.check_time) = TO_DAYS('${checkTime}')</if>
+            <if test="checkTime!=null and checkTime!=''">and TO_DAYS(a.check_time) = TO_DAYS('#{checkTime}')</if>
             <if test="departmentId!=null and departmentId!='-1'"> and find_in_set(#{departmentId}, a.dep_id) > 0</if>
             <if test="checkType == '计划检查'">and a.plan_task_id &gt; 0</if>
             <if test="checkType == '无计划检查'">and a.plan_task_id &lt;= 0</if>
@@ -236,7 +236,7 @@
             <if test="catalogId!=null">and b.Catalog_Id = #{catalogId}</if>
             <if test="orgCode!=null">and (a.org_Code like concat (#{orgCode},"-%")or a.org_Code= #{orgCode})</if>
             <if test="pointId!=null">and a.point_id = #{pointId}</if>
-            <if test="checkTime!=null">and TO_DAYS(a.check_time) = TO_DAYS('${checkTime}')</if>
+            <if test="checkTime!=null">and TO_DAYS(a.check_time) = TO_DAYS('#{checkTime}')</if>
             <if test="departmentId!=null and departmentId!='-1'"> and find_in_set(#{departmentId}, a.dep_id) > 0</if>
             <if test="checkType == '计划检查'">and a.plan_task_id &gt; 0</if>
             <if test="checkType == '无计划检查'">and a.plan_task_id &lt;= 0</if>
@@ -254,7 +254,7 @@
                 and  d.biz_org_code LIKE CONCAT(#{bizOrgCode},'%')
             </if>
         </trim>
-        order by ${orderBy}
+        order by #{orderBy}
         <choose>
             <when test="pageSize==-1"></when>
             <when test="pageSize!=-1">limit #{offset},#{pageSize}</when>
@@ -404,7 +404,7 @@
             <if test="catalogId!=null and catalogId!=''">and b.Catalog_Id = #{catalogId}</if>
             <if test="orgCode!=null and orgCode!=''">and (a.org_Code like concat (#{orgCode},"-%")or a.org_Code= #{orgCode})</if>
             <if test="pointId!=null and pointId!=''">and a.point_id = #{pointId}</if>
-            <if test="checkTime!=null and checkTime!=''">and TO_DAYS(a.check_time) = TO_DAYS('${checkTime}')</if>
+            <if test="checkTime!=null and checkTime!=''">and TO_DAYS(a.check_time) = TO_DAYS('#{checkTime}')</if>
             <if test="departmentId!=null and departmentId!='-1'"> and find_in_set(#{departmentId}, a.dep_id) > 0</if>
             <if test="checkType == '计划检查'">and a.plan_task_id &gt; 0</if>
             <if test="checkType == '无计划检查'">and a.plan_task_id &lt;= 0</if>
@@ -425,7 +425,7 @@
             <if test="isExecute!=null and isExecute!='' and isExecute == '3'">and a.is_OK != #{isExecute}</if>
         </trim>
         order by
-            ${orderBy}
+            #{orderBy}
         <choose>
             <when test="pageSize==-1"></when>
             <when test="pageSize!=-1">limit #{offset}, #{pageSize}</when>
@@ -476,7 +476,7 @@
                 and a.org_code LIKE CONCAT(#{bizOrgCode},'%')
             </if>
         </trim>
-        order by ${orderBy}
+        order by #{orderBy}
         <choose>
             <when test="pageSize==-1"></when>
             <when test="pageSize!=-1">limit #{offset},#{pageSize}</when>

amos-boot-system-patrol/src/main/resources/db/mapper/dbTemplate_input_item.xml

@@ -436,7 +436,7 @@
 			and a.key_parts_type is not null
 		</if>
 		<if test="ids != null and ids != ''">
-			and a.id in (${ids})
+			and a.id in (#{ids})
 		</if>
 		<if test="treeId != null and treeId != '' and treeId == '-5'">
 			and a.custom_type is not null

amos-boot-system-patrol/src/main/resources/db/mapper/dbTemplate_plan_task.xml

@@ -237,7 +237,7 @@
 
 			) a
 		<include refid="plan-task-app-where"/>
-		<if test="orderBy != null and orderBy != ''"> order by ${orderBy} </if>
+		<if test="orderBy != null and orderBy != ''"> order by #{orderBy} </if>
 		limit #{offset},#{pageSize}
 	</select>
 	<select id="getPlanTasksCount" resultType="long">
@@ -856,10 +856,10 @@
 			ppc.id,
 			',|,',
 			ppc.id,
-			'$',
+			'#',
 			'|^',
 			ppc.id,
-			'$'
+			'#'
 			)
 		LEFT JOIN p_route_point_item prpi ON prpi.point_input_item_id = pii.id,
 		 (

amos-boot-utils/amos-boot-utils-jpush/src/main/java/com/yeejoin/amos/jpush/service/constants/XJConstant.java

@@ -247,8 +247,6 @@ public class XJConstant {
      * xunjian
      */
     public static final String TABLE_USERS = "Users";
-    public static final String EDIT_PWD = "editPassword";
-    public static final String EDIT_NOT_PWD = "editUsersInfo";
     public static final String SAVE_USERS = "saveTableById";
     public static final String SAVE_COM_USER = "saveComUserInfo";
     public static final String EDIT_COM_USER = "editComUserInfo";