From 098d3347a0df808908aab8c554cd7c4febc5e6d9 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期一, 26 八月 2024 11:43:59 +0800
Subject: [PATCH] !577 发布 5.2.2 正式版 安全性提升 Merge pull request !577 from 疯狂的狮子Li/dev
---
ruoyi-modules/ruoyi-workflow/src/main/java/org/dromara/workflow/service/impl/ActModelServiceImpl.java | 54 ++++++++++++++++++++++++++----------------------------
1 files changed, 26 insertions(+), 28 deletions(-)
diff --git a/ruoyi-modules/ruoyi-workflow/src/main/java/org/dromara/workflow/service/impl/ActModelServiceImpl.java b/ruoyi-modules/ruoyi-workflow/src/main/java/org/dromara/workflow/service/impl/ActModelServiceImpl.java
index cdbfd3c..217538e 100644
--- a/ruoyi-modules/ruoyi-workflow/src/main/java/org/dromara/workflow/service/impl/ActModelServiceImpl.java
+++ b/ruoyi-modules/ruoyi-workflow/src/main/java/org/dromara/workflow/service/impl/ActModelServiceImpl.java
@@ -10,10 +10,10 @@
import com.alibaba.excel.util.StringUtils;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
import org.apache.batik.transcoder.TranscoderInput;
import org.apache.batik.transcoder.TranscoderOutput;
import org.apache.batik.transcoder.image.PNGTranscoder;
-import org.apache.commons.io.IOUtils;
import org.dromara.common.core.exception.ServiceException;
import org.dromara.common.mybatis.core.page.PageQuery;
import org.dromara.common.mybatis.core.page.TableDataInfo;
@@ -34,8 +34,12 @@
import org.flowable.bpmn.model.Process;
import org.flowable.bpmn.model.UserTask;
import org.flowable.engine.RepositoryService;
-import org.flowable.engine.repository.*;
+import org.flowable.engine.repository.Deployment;
+import org.flowable.engine.repository.Model;
+import org.flowable.engine.repository.ModelQuery;
+import org.flowable.engine.repository.ProcessDefinition;
import org.flowable.validation.ValidationError;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@@ -46,7 +50,6 @@
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
@@ -58,13 +61,15 @@
*
* @author may
*/
+@Slf4j
@RequiredArgsConstructor
@Service
public class ActModelServiceImpl implements IActModelService {
- private final RepositoryService repositoryService;
- private final IWfNodeConfigService iWfNodeConfigService;
- private final IWfDefinitionConfigService iWfDefinitionConfigService;
+ @Autowired(required = false)
+ private RepositoryService repositoryService;
+ private final IWfNodeConfigService wfNodeConfigService;
+ private final IWfDefinitionConfigService wfDefinitionConfigService;
/**
* 鍒嗛〉鏌ヨ妯″瀷
@@ -130,7 +135,7 @@
repositoryService.addModelEditorSource(model.getId(), StrUtil.utf8Bytes(xml));
return true;
} catch (Exception e) {
- e.printStackTrace();
+ log.error(e.getMessage(), e);
throw new ServiceException(e.getMessage());
}
}
@@ -156,6 +161,7 @@
modelVo.setDescription(model.getMetaInfo());
return modelVo;
} catch (Exception e) {
+ log.error(e.getMessage(), e);
throw new ServiceException(e.getMessage());
}
}
@@ -180,6 +186,7 @@
model.setMetaInfo(modelBo.getDescription());
repositoryService.saveModel(model);
} catch (Exception e) {
+ log.error(e.getMessage(), e);
throw new ServiceException(e.getMessage());
}
return true;
@@ -229,7 +236,7 @@
repositoryService.addModelEditorSourceExtra(model.getId(), result);
return true;
} catch (Exception e) {
- e.printStackTrace();
+ log.error(e.getMessage(), e);
throw new ServiceException(e.getMessage());
}
}
@@ -249,7 +256,7 @@
if (ArrayUtil.isEmpty(xmlBytes)) {
throw new ServiceException("妯″瀷鏁版嵁涓虹┖锛岃鍏堣璁℃祦绋嬪畾涔夋ā鍨嬶紝鍐嶈繘琛岄儴缃诧紒");
}
- if (JSONUtil.isTypeJSON(IOUtils.toString(xmlBytes, StandardCharsets.UTF_8.toString()))) {
+ if (JSONUtil.isTypeJSON(new String(xmlBytes, StandardCharsets.UTF_8))) {
byte[] bytes = ModelUtils.bpmnJsonToXmlBytes(xmlBytes);
if (ArrayUtil.isEmpty(bytes)) {
throw new ServiceException("妯″瀷涓嶈兘涓虹┖锛岃鑷冲皯璁捐涓�鏉′富绾挎祦绋嬶紒");
@@ -290,16 +297,16 @@
repositoryService.setProcessDefinitionCategory(definition.getId(), model.getCategory());
//鏇存柊娴佺▼瀹氫箟閰嶇疆
if (processDefinition != null) {
- WfDefinitionConfigVo definitionVo = iWfDefinitionConfigService.getByDefId(processDefinition.getId());
+ WfDefinitionConfigVo definitionVo = wfDefinitionConfigService.getByDefId(processDefinition.getId());
if (definitionVo != null) {
- iWfDefinitionConfigService.deleteByDefIds(Collections.singletonList(processDefinition.getId()));
+ wfDefinitionConfigService.deleteByDefIds(Collections.singletonList(processDefinition.getId()));
WfDefinitionConfigBo wfFormDefinition = new WfDefinitionConfigBo();
wfFormDefinition.setDefinitionId(definition.getId());
wfFormDefinition.setProcessKey(definition.getKey());
wfFormDefinition.setTableName(definitionVo.getTableName());
wfFormDefinition.setVersion(definition.getVersion());
wfFormDefinition.setRemark(definitionVo.getRemark());
- iWfDefinitionConfigService.saveOrUpdate(wfFormDefinition);
+ wfDefinitionConfigService.saveOrUpdate(wfFormDefinition);
}
}
//鏇存柊娴佺▼鑺傜偣閰嶇疆琛ㄥ崟
@@ -320,11 +327,11 @@
}
}
if (CollUtil.isNotEmpty(wfNodeConfigList)) {
- iWfNodeConfigService.saveOrUpdate(wfNodeConfigList);
+ wfNodeConfigService.saveOrUpdate(wfNodeConfigList);
}
return true;
} catch (Exception e) {
- e.printStackTrace();
+ log.error(e.getMessage(), e);
throw new ServiceException(e.getMessage());
}
}
@@ -337,9 +344,7 @@
*/
@Override
public void exportZip(List<String> modelIds, HttpServletResponse response) {
- ZipOutputStream zos = null;
- try {
- zos = ZipUtil.getZipOutputStream(response.getOutputStream(), StandardCharsets.UTF_8);
+ try (ZipOutputStream zos = ZipUtil.getZipOutputStream(response.getOutputStream(), StandardCharsets.UTF_8)) {
// 鍘嬬缉鍖呮枃浠跺悕
String zipName = "妯″瀷涓嶅瓨鍦�";
// 鏌ヨ妯″瀷鍩烘湰淇℃伅
@@ -347,7 +352,7 @@
Model model = repositoryService.getModel(modelId);
byte[] xmlBytes = repositoryService.getModelEditorSource(modelId);
if (ObjectUtil.isNotNull(model)) {
- if (JSONUtil.isTypeJSON(IOUtils.toString(xmlBytes, StandardCharsets.UTF_8.toString())) && ArrayUtil.isEmpty(ModelUtils.bpmnJsonToXmlBytes(xmlBytes))) {
+ if (JSONUtil.isTypeJSON(new String(xmlBytes, StandardCharsets.UTF_8)) && ArrayUtil.isEmpty(ModelUtils.bpmnJsonToXmlBytes(xmlBytes))) {
zipName = "妯″瀷涓嶈兘涓虹┖锛岃鑷冲皯璁捐涓�鏉′富绾挎祦绋嬶紒";
zos.putNextEntry(new ZipEntry(zipName + ".txt"));
zos.write(zipName.getBytes(StandardCharsets.UTF_8));
@@ -367,19 +372,11 @@
}
response.setHeader("Content-Disposition",
"attachment; filename=" + URLEncoder.encode(zipName, StandardCharsets.UTF_8) + ".zip");
+ response.addHeader("Access-Control-Expose-Headers", "Content-Disposition");
// 鍒峰嚭鍝嶅簲娴�
response.flushBuffer();
} catch (IOException e) {
- e.printStackTrace();
- } finally {
- if (zos != null) {
- try {
- zos.closeEntry();
- zos.close();
- } catch (IOException e) {
- e.printStackTrace();
- }
- }
+ log.error(e.getMessage(), e);
}
}
@@ -426,6 +423,7 @@
}
}
} catch (Exception e) {
+ log.error(e.getMessage(), e);
throw new ServiceException(e.getMessage());
}
return true;
--
Gitblit v1.9.3