From 4e8dd706d568d1276ad82a0bf8f4ba13c5dac5ef Mon Sep 17 00:00:00 2001
From: 0慕容雪0 <ytu.mxh@163.com>
Date: Fri, 10 Mar 2023 16:22:35 +0800
Subject: [PATCH] update ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java. DataScopeAspect,数据权限切面处理类中，用户多角色情况下，若所有角色都不包含传递过来的权限字符，这个时候sqlString也会为空，会导致用户拥有全部数据权限，所以要限制一下, 可以根据conditions集合是否为空，来判断循环时所有角色是否都是在判断权限字符时continue了。 复现方法: 在使用@DataScope注解时permission定义了值,这个值所有角色不包含。

---
 ruoyi-common/src/main/java/com/ruoyi/common/xss/XssValidator.java |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/xss/XssValidator.java b/ruoyi-common/src/main/java/com/ruoyi/common/xss/XssValidator.java
index 4316372..34d0700 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/xss/XssValidator.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/xss/XssValidator.java
@@ -1,5 +1,6 @@
 package com.ruoyi.common.xss;
 
+import com.ruoyi.common.utils.StringUtils;
 import javax.validation.ConstraintValidator;
 import javax.validation.ConstraintValidatorContext;
 import java.util.regex.Matcher;
@@ -12,15 +13,19 @@
  */
 public class XssValidator implements ConstraintValidator<Xss, String>
 {
-    private final String HTML_PATTERN = "<(\\S*?)[^>]*>.*?|<.*? />";
+    private static final String HTML_PATTERN = "<(\\S*?)[^>]*>.*?|<.*? />";
 
     @Override
     public boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext)
     {
+        if (StringUtils.isBlank(value))
+        {
+            return true;
+        }
         return !containsHtml(value);
     }
 
-    public boolean containsHtml(String value)
+    public static boolean containsHtml(String value)
     {
         Pattern pattern = Pattern.compile(HTML_PATTERN);
         Matcher matcher = pattern.matcher(value);

--
Gitblit v1.9.2