From 8ed7916b617ed7a602817d976d4779a6c9af1d99 Mon Sep 17 00:00:00 2001 From: RuoYi Date: Fri, 30 Jul 2021 11:28:46 +0800 Subject: [PATCH] =?UTF-8?q?=E5=AE=9A=E6=97=B6=E4=BB=BB=E5=8A=A1=E5=B1=8F?= =?UTF-8?q?=E8=94=BDhttp(s)=E8=BF=9C=E7=A8=8B=E8=B0=83=E7=94=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/ruoyi/common/utils/StringUtils.java | 23 ++++++++++++ .../quartz/controller/SysJobController.java | 36 +++++++++++-------- 2 files changed, 45 insertions(+), 14 deletions(-) diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/StringUtils.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/StringUtils.java index ca12798..8df5617 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/StringUtils.java +++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/StringUtils.java @@ -324,6 +324,29 @@ public class StringUtils extends org.apache.commons.lang3.StringUtils return list; } + /** + * 查找指定字符串是否包含指定字符串列表中的任意一个字符串同时串忽略大小写 + * + * @param cs 指定字符串 + * @param searchCharSequences 需要检查的字符串数组 + * @return 是否包含任意一个字符串 + */ + public static boolean containsAnyIgnoreCase(CharSequence cs, CharSequence... searchCharSequences) + { + if (isEmpty(cs) || isEmpty(searchCharSequences)) + { + return false; + } + for (CharSequence testStr : searchCharSequences) + { + if (containsIgnoreCase(cs, testStr)) + { + return true; + } + } + return false; + } + /** * 驼峰转下划线命名 */ diff --git a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java index e779b64..4d37ee9 100644 --- a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java +++ b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java @@ -79,18 +79,22 @@ public class SysJobController extends BaseController @PreAuthorize("@ss.hasPermi('monitor:job:add')") @Log(title = "定时任务", businessType = BusinessType.INSERT) @PostMapping - public AjaxResult add(@RequestBody SysJob sysJob) throws SchedulerException, TaskException + public AjaxResult add(@RequestBody SysJob job) throws SchedulerException, TaskException { - if (!CronUtils.isValid(sysJob.getCronExpression())) + if (!CronUtils.isValid(job.getCronExpression())) { - return AjaxResult.error("新增任务'" + sysJob.getJobName() + "'失败,Cron表达式不正确"); + return error("新增任务'" + job.getJobName() + "'失败,Cron表达式不正确"); } - else if (StringUtils.containsIgnoreCase(sysJob.getInvokeTarget(), Constants.LOOKUP_RMI)) + else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_RMI)) { - return AjaxResult.error("新增任务'" + sysJob.getJobName() + "'失败,目标字符串不允许'rmi://'调用"); + return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'rmi://'调用"); } - sysJob.setCreateBy(SecurityUtils.getUsername()); - return toAjax(jobService.insertJob(sysJob)); + else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS })) + { + return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'http(s)//'调用"); + } + job.setCreateBy(SecurityUtils.getUsername()); + return toAjax(jobService.insertJob(job)); } /** @@ -99,18 +103,22 @@ public class SysJobController extends BaseController @PreAuthorize("@ss.hasPermi('monitor:job:edit')") @Log(title = "定时任务", businessType = BusinessType.UPDATE) @PutMapping - public AjaxResult edit(@RequestBody SysJob sysJob) throws SchedulerException, TaskException + public AjaxResult edit(@RequestBody SysJob job) throws SchedulerException, TaskException { - if (!CronUtils.isValid(sysJob.getCronExpression())) + if (!CronUtils.isValid(job.getCronExpression())) + { + return error("修改任务'" + job.getJobName() + "'失败,Cron表达式不正确"); + } + else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_RMI)) { - return AjaxResult.error("修改任务'" + sysJob.getJobName() + "'失败,Cron表达式不正确"); + return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'rmi://'调用"); } - else if (StringUtils.containsIgnoreCase(sysJob.getInvokeTarget(), Constants.LOOKUP_RMI)) + else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS })) { - return AjaxResult.error("修改任务'" + sysJob.getJobName() + "'失败,目标字符串不允许'rmi://'调用"); + return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'http(s)//'调用"); } - sysJob.setUpdateBy(SecurityUtils.getUsername()); - return toAjax(jobService.updateJob(sysJob)); + job.setUpdateBy(SecurityUtils.getUsername()); + return toAjax(jobService.updateJob(job)); } /**