From c1db17dd771f202647ec56898f6b09cf00947a26 Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期二, 26 五月 2020 11:54:46 +0800
Subject: [PATCH] 限制外链地址必须以http(s)://开头
---
ruoyi/src/main/java/com/ruoyi/common/constant/Constants.java | 10 ++++++++++
ruoyi/src/main/java/com/ruoyi/project/system/service/impl/SysMenuServiceImpl.java | 2 +-
ruoyi/src/main/java/com/ruoyi/project/system/controller/SysMenuController.java | 12 ++++++++++++
ruoyi/src/main/java/com/ruoyi/common/constant/UserConstants.java | 8 +++++++-
4 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/ruoyi/src/main/java/com/ruoyi/common/constant/Constants.java b/ruoyi/src/main/java/com/ruoyi/common/constant/Constants.java
index 63ea9ed..768bc24 100644
--- a/ruoyi/src/main/java/com/ruoyi/common/constant/Constants.java
+++ b/ruoyi/src/main/java/com/ruoyi/common/constant/Constants.java
@@ -20,6 +20,16 @@
public static final String GBK = "GBK";
/**
+ * http璇锋眰
+ */
+ public static final String HTTP = "http://";
+
+ /**
+ * https璇锋眰
+ */
+ public static final String HTTPS = "https://";
+
+ /**
* 閫氱敤鎴愬姛鏍囪瘑
*/
public static final String SUCCESS = "0";
diff --git a/ruoyi/src/main/java/com/ruoyi/common/constant/UserConstants.java b/ruoyi/src/main/java/com/ruoyi/common/constant/UserConstants.java
index 03f12e7..df6992a 100644
--- a/ruoyi/src/main/java/com/ruoyi/common/constant/UserConstants.java
+++ b/ruoyi/src/main/java/com/ruoyi/common/constant/UserConstants.java
@@ -26,7 +26,7 @@
/** 閮ㄩ棬姝e父鐘舵�� */
public static final String DEPT_NORMAL = "0";
-
+
/** 閮ㄩ棬鍋滅敤鐘舵�� */
public static final String DEPT_DISABLE = "1";
@@ -36,6 +36,12 @@
/** 鏄惁涓虹郴缁熼粯璁わ紙鏄級 */
public static final String YES = "Y";
+ /** 鏄惁鑿滃崟澶栭摼锛堟槸锛� */
+ public static final String YES_FRAME = "0";
+
+ /** 鏄惁鑿滃崟澶栭摼锛堝惁锛� */
+ public static final String NO_FRAME = "1";
+
/** 鏍¢獙杩斿洖缁撴灉鐮� */
public final static String UNIQUE = "0";
public final static String NOT_UNIQUE = "1";
diff --git a/ruoyi/src/main/java/com/ruoyi/project/system/controller/SysMenuController.java b/ruoyi/src/main/java/com/ruoyi/project/system/controller/SysMenuController.java
index 35ca406..a958f62 100644
--- a/ruoyi/src/main/java/com/ruoyi/project/system/controller/SysMenuController.java
+++ b/ruoyi/src/main/java/com/ruoyi/project/system/controller/SysMenuController.java
@@ -12,9 +12,11 @@
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
+import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.ServletUtils;
+import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.framework.aspectj.lang.annotation.Log;
import com.ruoyi.framework.aspectj.lang.enums.BusinessType;
import com.ruoyi.framework.security.LoginUser;
@@ -100,6 +102,11 @@
{
return AjaxResult.error("鏂板鑿滃崟'" + menu.getMenuName() + "'澶辫触锛岃彍鍗曞悕绉板凡瀛樺湪");
}
+ else if (UserConstants.YES_FRAME.equals(menu.getIsFrame())
+ && !StringUtils.startsWithAny(menu.getPath(), Constants.HTTP, Constants.HTTPS))
+ {
+ return AjaxResult.error("鏂板鑿滃崟'" + menu.getMenuName() + "'澶辫触锛屽湴鍧�蹇呴』浠ttp(s)://寮�澶�");
+ }
menu.setCreateBy(SecurityUtils.getUsername());
return toAjax(menuService.insertMenu(menu));
}
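Review bot: The added `else if` runs only when `isFrame` equals `YES_FRAME`, so a request whose `isFrame` is null or anything other than the two constants skips the scheme check entirely, while the router code in SysMenuServiceImpl only special-cases `NO_FRAME`. Rejecting unknown values first would close that gap, e.g. a guard on `!UserConstants.YES_FRAME.equals(menu.getIsFrame()) && !UserConstants.NO_FRAME.equals(menu.getIsFrame())` ahead of this branch. The prefix test also accepts any text after `http://` and is presumably case-sensitive (if this `StringUtils.startsWithAny` follows commons-lang semantics), so parsing the path with `java.net.URI` and checking scheme and host would be stricter. The same condition is repeated verbatim in the edit handler's hunk; a private helper shared by both would keep them in sync. The enclosing method starts outside the hunk.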
@@ -116,6 +123,11 @@
{
return AjaxResult.error("淇敼鑿滃崟'" + menu.getMenuName() + "'澶辫触锛岃彍鍗曞悕绉板凡瀛樺湪");
}
+ else if (UserConstants.YES_FRAME.equals(menu.getIsFrame())
+ && !StringUtils.startsWithAny(menu.getPath(), Constants.HTTP, Constants.HTTPS))
+ {
+ return AjaxResult.error("鏂板鑿滃崟'" + menu.getMenuName() + "'澶辫触锛屽湴鍧�蹇呴』浠ttp(s)://寮�澶�");
+ }
menu.setUpdateBy(SecurityUtils.getUsername());
return toAjax(menuService.updateMenu(menu));
}
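Review bot: The error message on the added `return` in this edit handler is identical to the one added in the add handler's hunk, while the duplicate-name message just above it opens differently, so a rejected update is reported to the user as a failed add. The strings are mis-encoded on this page; assuming the existing update message begins with 修改菜单, the line should read `return AjaxResult.error("修改菜单'" + menu.getMenuName() + "'失败，地址必须以http(s)://开头");`. The enclosing method starts outside the hunk.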
diff --git a/ruoyi/src/main/java/com/ruoyi/project/system/service/impl/SysMenuServiceImpl.java b/ruoyi/src/main/java/com/ruoyi/project/system/service/impl/SysMenuServiceImpl.java
index 31eb70b..d5aff8e 100644
--- a/ruoyi/src/main/java/com/ruoyi/project/system/service/impl/SysMenuServiceImpl.java
+++ b/ruoyi/src/main/java/com/ruoyi/project/system/service/impl/SysMenuServiceImpl.java
@@ -298,7 +298,7 @@
{
String routerPath = menu.getPath();
// 闈炲閾惧苟涓旀槸涓�绾х洰褰�
- if (0 == menu.getParentId() && "1".equals(menu.getIsFrame()))
+ if (0 == menu.getParentId() && UserConstants.NO_FRAME.equals(menu.getIsFrame()))
{
routerPath = "/" + menu.getPath();
}
--
Gitblit v1.9.3