From 3363d7b12dd4578801a544e1455b5edc2c2af9f6 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子li <15040126243@163.com>
Date: 星期三, 18 十一月 2020 10:52:33 +0800
Subject: [PATCH] 同步升级 3.2.1 修复重大bug 阻止任意文件下载漏洞

---
 ruoyi-system/src/main/resources/mapper/system/SysUserMapper.xml |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/ruoyi-system/src/main/resources/mapper/system/SysUserMapper.xml b/ruoyi-system/src/main/resources/mapper/system/SysUserMapper.xml
index a1c926a..fe1fc2a 100644
--- a/ruoyi-system/src/main/resources/mapper/system/SysUserMapper.xml
+++ b/ruoyi-system/src/main/resources/mapper/system/SysUserMapper.xml
@@ -75,7 +75,7 @@
 			AND date_format(u.create_time,'%y%m%d') &lt;= date_format(#{endTime},'%y%m%d')
 		</if>
 		<if test="deptId != null and deptId != 0">
-			AND (u.dept_id = #{deptId} OR u.dept_id IN ( SELECT t.dept_id FROM sys_dept t WHERE FIND_IN_SET (#{deptId},ancestors) ))
+			AND (u.dept_id = #{deptId} OR u.dept_id IN ( SELECT t.dept_id FROM sys_dept t WHERE find_in_set(#{deptId}, ancestors) ))
 		</if>
 		<!-- 鏁版嵁鑼冨洿杩囨护 -->
 		${params.dataScope}

--
Gitblit v1.9.3