From b4f9d3a8f238e3d40d97f0d947b5b4b302d0c04e Mon Sep 17 00:00:00 2001
From: 疯狂的狮子li <15040126243@163.com>
Date: 星期四, 27 五月 2021 22:06:36 +0800
Subject: [PATCH] update 优化dataScope参数防止注入
---
ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CaptchaController.java | 11 +++++++++--
1 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CaptchaController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CaptchaController.java
index 28be0fe..2f303ba 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CaptchaController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CaptchaController.java
@@ -19,6 +19,8 @@
import org.springframework.web.bind.annotation.RestController;
import javax.annotation.Resource;
+import java.util.HashMap;
+import java.util.Map;
import java.util.concurrent.TimeUnit;
/**
@@ -50,6 +52,12 @@
*/
@GetMapping("/captchaImage")
public AjaxResult getCode() {
+ Map<String, Object> ajax = new HashMap<>();
+ Boolean enabled = captchaProperties.getEnabled();
+ ajax.put("enabled", enabled);
+ if (!enabled) {
+ return AjaxResult.success(ajax);
+ }
// 淇濆瓨楠岃瘉鐮佷俊鎭�
String uuid = IdUtil.simpleUUID();
String verifyKey = Constants.CAPTCHA_CODE_KEY + uuid;
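Review bot: `if (!enabled)` auto-unboxes the `Boolean` returned by `captchaProperties.getEnabled()`, so an unset captcha property makes getCode() throw a NullPointerException instead of answering. Reading it as `boolean enabled = !Boolean.FALSE.equals(captchaProperties.getEnabled());` keeps the captcha on when the setting is missing, which is the safer default for a login control. The `enabled` flag returned here only tells the client what to render; the login handler (not part of this patch) has to consult the same property server-side and keep rejecting logins without a valid code whenever it is on. The body of getCode() continues past this hunk.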
@@ -88,10 +96,9 @@
code = captcha.getCode();
}
redisCache.setCacheObject(verifyKey, code, Constants.CAPTCHA_EXPIRATION, TimeUnit.MINUTES);
- AjaxResult ajax = AjaxResult.success();
ajax.put("uuid", uuid);
ajax.put("img", captcha.getImageBase64());
- return ajax;
+ return AjaxResult.success(ajax);
}
private String getCodeResult(String capStr) {
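Review bot: `return AjaxResult.success(ajax)` hands the map over as an argument, whereas the removed lines put `uuid` and `img` directly on the AjaxResult. AjaxResult is not shown here, but if `success(Object)` nests its argument under a data field, existing clients that read top-level `uuid`/`img` will stop finding them, and the early return in the previous hunk has the same shape. To keep the old contract, declare `AjaxResult ajax = AjaxResult.success();` at the top of getCode() and `return ajax;` in both places. Otherwise record the new response shape in the method's Javadoc, and rename the local, since `ajax` is now a plain `Map` rather than the result object.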
--
Gitblit v1.9.3