From 61034d4ddecd0b3056a7fb38a737b0e0cfc33b9c Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: Sun, 27 Mar 2022 14:36:31 +0800
Subject: [PATCH] 优化导出excel单元格验证,包含变更为开头.防止正常内容被替换
---
ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java | 54 +++++++++++++++++++++++++++++++++++++++++++++---------
1 files changed, 45 insertions(+), 9 deletions(-)
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java
index f852f95..9a837c4 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java
@@ -9,6 +9,8 @@
import java.lang.reflect.Method;
import java.math.BigDecimal;
import java.text.DecimalFormat;
+import java.time.LocalDate;
+import java.time.LocalDateTime;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
@@ -20,6 +22,7 @@
import java.util.UUID;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.RegExUtils;
import org.apache.poi.hssf.usermodel.HSSFClientAnchor;
import org.apache.poi.hssf.usermodel.HSSFPicture;
import org.apache.poi.hssf.usermodel.HSSFPictureData;
@@ -86,6 +89,8 @@
{
private static final Logger log = LoggerFactory.getLogger(ExcelUtil.class);
+ public static final String FORMULA_REGEX_STR = "=|-|\\+|@";
+
public static final String[] FORMULA_STR = { "=", "-", "+", "@" };
/**
@@ -132,7 +137,7 @@
* 当前行号
*/
private int rownum;
-
+
/**
* 标题
*/
@@ -314,7 +319,7 @@
String dateFormat = field.getAnnotation(Excel.class).dateFormat();
if (StringUtils.isNotEmpty(dateFormat))
{
- val = DateUtils.parseDateToStr(dateFormat, (Date) val);
+ val = parseDateToStr(dateFormat, val);
}
else
{
@@ -326,7 +331,7 @@
{
val = Convert.toInt(val);
}
- else if (Long.TYPE == fieldType || Long.class == fieldType)
+ else if ((Long.TYPE == fieldType || Long.class == fieldType) && StringUtils.isNumeric(Convert.toStr(val)))
{
val = Convert.toLong(val);
}
@@ -409,7 +414,7 @@
{
return exportExcel(list, sheetName, StringUtils.EMPTY);
}
-
+
/**
* 对list数据源将其里面的数据导入到excel表单
*
@@ -431,7 +436,6 @@
* @param list 导出数据集合
* @param sheetName 工作表的名称
* @return 结果
- * @throws IOException
*/
public void exportExcel(HttpServletResponse response, List<T> list, String sheetName)
{
@@ -446,7 +450,6 @@
* @param sheetName 工作表的名称
* @param title 标题
* @return 结果
- * @throws IOException
*/
public void exportExcel(HttpServletResponse response, List<T> list, String sheetName, String title)
{
@@ -714,9 +717,9 @@
{
String cellValue = Convert.toStr(value);
// 对于任何以表达式触发字符 =-+@开头的单元格,直接使用tab字符作为前缀,防止CSV注入。
- if (StringUtils.containsAny(cellValue, FORMULA_STR))
+ if (StringUtils.startsWithAny(cellValue, FORMULA_STR))
{
- cellValue = StringUtils.replaceEach(cellValue, FORMULA_STR, new String[] { "\t=", "\t-", "\t+", "\t@" });
+ cellValue = RegExUtils.replaceFirst(cellValue, FORMULA_REGEX_STR, "\t$0");
}
cell.setCellValue(StringUtils.isNull(cellValue) ? attr.defaultValue() : cellValue + attr.suffix());
}
@@ -823,7 +826,7 @@
String dictType = attr.dictType();
if (StringUtils.isNotEmpty(dateFormat) && StringUtils.isNotNull(value))
{
- cell.setCellValue(DateUtils.parseDateToStr(dateFormat, (Date) value));
+ cell.setCellValue(parseDateToStr(dateFormat, value));
}
else if (StringUtils.isNotEmpty(readConverterExp) && StringUtils.isNotNull(value))
{
@@ -1396,4 +1399,37 @@
}
return sheetIndexPicMap;
}
+
+ /**
+ * 格式化不同类型的日期对象
+ *
+ * @param dateFormat 日期格式
+ * @param val 被格式化的日期对象
+ * @return 格式化后的日期字符
+ */
+ public String parseDateToStr(String dateFormat, Object val)
+ {
+ if (val == null)
+ {
+ return "";
+ }
+ String str;
+ if (val instanceof Date)
+ {
+ str = DateUtils.parseDateToStr(dateFormat, (Date) val);
+ }
+ else if (val instanceof LocalDateTime)
+ {
+ str = DateUtils.parseDateToStr(dateFormat, DateUtils.toDate((LocalDateTime) val));
+ }
+ else if (val instanceof LocalDate)
+ {
+ str = DateUtils.parseDateToStr(dateFormat, DateUtils.toDate((LocalDate) val));
+ }
+ else
+ {
+ str = val.toString();
+ }
+ return str;
+ }
}
--
Gitblit v1.9.2