Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
java
/
mrqc-sys
2
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Przeglądaj źródła

解决病理详情页检查、检验、医嘱查询接口被认为sql注入bug

songxinlu 3 lat temu
rodzic
00d5c3cc33
commit
373e2ba7fb
3 zmienionych plików z 7 dodań i 11 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 1 2
      src/main/resources/mapper/DoctorAdviceMapper.xml
  2. 3 5
      src/main/resources/mapper/MedLisInfoMapper.xml
  3. 3 4
      src/main/resources/mapper/MedPacsInfoMapper.xml

+ 1 - 2
src/main/resources/mapper/DoctorAdviceMapper.xml
Wyświetl plik 

@@ -95,7 +95,7 @@
 
                 </foreach>
 
             </if>
 
             <if test="infos = null || infos.size() == 0">
 
-                and 1 = 2
 
+                and b.info in ("")
 
             </if>
 
         </if>
 
         <if test="doctorAdviceVO.adviceType != null and doctorAdviceVO.adviceType == 2 ">
 
@@ -106,7 +106,6 @@
 
                 </foreach>
 
             </if>
 
             <if test="infos = null || infos.size() == 0">
 
-                and 1=1
 
             </if>
 
         </if>
 
     </select>

+ 3 - 5
src/main/resources/mapper/MedLisInfoMapper.xml
Wyświetl plik 

@@ -104,7 +104,7 @@
 
                 </foreach>
 
             </if>
 
             <if test="infos = null || infos.size() == 0">
 
-                and 1 = 2
 
+                and b.info  in ("")
 
             </if>
 
 
     </select>
 
@@ -186,7 +186,7 @@
 
                 </foreach>
 
             </if>
 
             <if test="infos = null || infos.size() == 0">
 
-                and 1 = 2
 
+                and b.info in ("")
 
             </if>
 
         </if>
 
         <if test="examineInfoVO.examineType != null and examineInfoVO.examineType == 2 ">
 
@@ -197,7 +197,6 @@
 
                 </foreach>
 
             </if>
 
             <if test="badCheckInfo = null || badCheckInfo.size() == 0">
 
-                and 1 = 1
 
             </if>
 
         </if>
 
     </select>
 
@@ -259,7 +258,7 @@
 
                 </foreach>
 
             </if>
 
             <if test="infos = null || infos.size() == 0">
 
-                and 1 = 2
 
+                and t.info in ("")
 
             </if>
 
         </if>
 
         <if test="examineSonInfoVO.examineType != null and examineSonInfoVO.examineType == 2 ">
 
@@ -270,7 +269,6 @@
 
                 </foreach>
 
             </if>
 
             <if test="infos = null || infos.size() == 0">
 
-                and 1 = 1
 
             </if>
 
         </if>
 
     </select>

+ 3 - 4
src/main/resources/mapper/MedPacsInfoMapper.xml
Wyświetl plik 

@@ -57,8 +57,8 @@
 
         left join
 
         med_pacs_result t2
 
         on t1.hospital_id = t2.hospital_id
 
-        AND t1.is_deleted = "N"
 
-        AND t2.is_deleted = "N"
 
+        AND t1.is_deleted = 'N'
 
+        AND t2.is_deleted = 'N'
 
         AND t1.rep_name IS NOT NULL
 
         AND t1.check_date IS NOT NULL
 
         AND t1.behospital_code = t2.behospital_code
 
@@ -107,7 +107,7 @@
 
                 </foreach>
 
             </if>
 
             <if test="infos = null || infos.size() == 0">
 
-                and 1 = 2
 
+                and b.info in ("")
 
             </if>
 
         </if>
 
         <if test="checkInfoVO.checkType != null and checkInfoVO.checkType == 2 ">
 
@@ -118,7 +118,6 @@
 
                 </foreach>
 
             </if>
 
             <if test="infos = null || infos.size() == 0">
 
-                and 1 = 1
 
             </if>
 
         </if>
 
     </select>