From 6fa3bfe05184e9bcaadf00becee1d30f4abb9b1d Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: Thu, 27 May 2021 17:38:27 +0800
Subject: [PATCH] 修复两处存在SQL注入漏洞问题
---
ruoyi-system/src/main/resources/mapper/system/SysRoleMapper.xml | 14 +++++---------
1 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/ruoyi-system/src/main/resources/mapper/system/SysRoleMapper.xml b/ruoyi-system/src/main/resources/mapper/system/SysRoleMapper.xml
index 818941f..7e3ab1e 100644
--- a/ruoyi-system/src/main/resources/mapper/system/SysRoleMapper.xml
+++ b/ruoyi-system/src/main/resources/mapper/system/SysRoleMapper.xml
@@ -42,11 +42,11 @@
<if test="roleKey != null and roleKey != ''">
AND r.role_key like concat('%', #{roleKey}, '%')
</if>
- <if test="beginTime != null and beginTime != ''"><!-- 开始时间检索 -->
- and date_format(r.create_time,'%y%m%d') >= date_format(#{beginTime},'%y%m%d')
+ <if test="params.beginTime != null and params.beginTime != ''"><!-- 开始时间检索 -->
+ and date_format(r.create_time,'%y%m%d') >= date_format(#{params.beginTime},'%y%m%d')
</if>
- <if test="endTime != null and endTime != ''"><!-- 结束时间检索 -->
- and date_format(r.create_time,'%y%m%d') <= date_format(#{endTime},'%y%m%d')
+ <if test="params.endTime != null and params.endTime != ''"><!-- 结束时间检索 -->
+ and date_format(r.create_time,'%y%m%d') <= date_format(#{params.endTime},'%y%m%d')
</if>
<!-- 数据范围过滤 -->
${params.dataScope}
@@ -135,12 +135,8 @@
where role_id = #{roleId}
</update>
- <update id="updateRoleStatus" parameterType="SysRole">
- update sys_user set status = #{status} where user_id = #{userId}
- </update>
-
<delete id="deleteRoleById" parameterType="Long">
- delete from sys_role where role_id = #{roleId}
+ update sys_role set del_flag = '2' where role_id = #{roleId}
</delete>
<delete id="deleteRoleByIds" parameterType="Long">
--
Gitblit v1.9.2