From b4f9d3a8f238e3d40d97f0d947b5b4b302d0c04e Mon Sep 17 00:00:00 2001
From: 疯狂的狮子li <15040126243@163.com>
Date: 星期四, 27 五月 2021 22:06:36 +0800
Subject: [PATCH] update 优化dataScope参数防止注入

---
 ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysConfigServiceImpl.java |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysConfigServiceImpl.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysConfigServiceImpl.java
index fbf6ec8..7c76c57 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysConfigServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysConfigServiceImpl.java
@@ -55,10 +55,10 @@
                 .eq(StrUtil.isNotBlank(config.getConfigType()), SysConfig::getConfigType, config.getConfigType())
                 .like(StrUtil.isNotBlank(config.getConfigKey()), SysConfig::getConfigKey, config.getConfigKey())
                 .apply(Validator.isNotEmpty(params.get("beginTime")),
-                        "date_format(create_time,'%y%m%d') >= date_format(#{0},'%y%m%d')",
+                        "date_format(create_time,'%y%m%d') >= date_format({0},'%y%m%d')",
                         params.get("beginTime"))
                 .apply(Validator.isNotEmpty(params.get("endTime")),
-                        "date_format(create_time,'%y%m%d') <= date_format(#{0},'%y%m%d')",
+                        "date_format(create_time,'%y%m%d') <= date_format({0},'%y%m%d')",
                         params.get("endTime"));
         return PageUtils.buildDataInfo(page(PageUtils.buildPage(), lqw));
     }
@@ -110,10 +110,10 @@
                 .eq(StrUtil.isNotBlank(config.getConfigType()), SysConfig::getConfigType, config.getConfigType())
                 .like(StrUtil.isNotBlank(config.getConfigKey()), SysConfig::getConfigKey, config.getConfigKey())
                 .apply(Validator.isNotEmpty(params.get("beginTime")),
-                        "date_format(create_time,'%y%m%d') >= date_format(#{0},'%y%m%d')",
+                        "date_format(create_time,'%y%m%d') >= date_format({0},'%y%m%d')",
                         params.get("beginTime"))
                 .apply(Validator.isNotEmpty(params.get("endTime")),
-                        "date_format(create_time,'%y%m%d') >= date_format(#{0},'%y%m%d')",
+                        "date_format(create_time,'%y%m%d') <= date_format({0},'%y%m%d')",
                         params.get("endTime"));
         return baseMapper.selectList(lqw);
     }

--
Gitblit v1.9.3