提交 ceb80d8f 编写于 作者: zhouweidong's avatar zhouweidong

直接SQL支持?占位符,防止SQL注入

上级 778c6584
...@@ -100,40 +100,45 @@ ruleflow-group "${logicName+deLogicNode.getCodeName()?lower_case}" ...@@ -100,40 +100,45 @@ ruleflow-group "${logicName+deLogicNode.getCodeName()?lower_case}"
${operateEntity.codeName?lower_case}service.${operateAction.codeName?uncap_first}(${logicParamEntity}); ${operateEntity.codeName?lower_case}service.${operateAction.codeName?uncap_first}(${logicParamEntity});
</#if> </#if>
<#elseif deLogicNode.getLogicNodeType()=='RAWSQLCALL'><#comment>直接SQL</#comment> <#elseif deLogicNode.getLogicNodeType()=='RAWSQLCALL'><#comment>直接SQL</#comment>
<#if deLogicNode.getPSDELogicNodeParams()??><#comment>是否包含参数列表</#comment> <#if deLogicNode.getPSDELogicNodeParams()??>
<#comment>包含参数列表</#comment>
<@getCallSQL2 deLogicNode/> <@getCallSQL2 deLogicNode/>
<#else> <#else>
Map param = null; Map param = null;
String strSql="${srfjavasqlcode('${deLogicNode.getParam("PARAM4","")}')}"; String strSql="${srfjavasqlcode('${deLogicNode.getParam("PARAM4","")}')}";
</#if> </#if>
<#if deLogicNode.getDstPSDELogicParam?? && deLogicNode.getDstPSDELogicParam()?? ><#comment>配置返回参数</#comment> <#if (deLogicNode.getParam("PARAM9",0)==1)>
java.util.List<JSONObject> entities=iBzSys${de.codeName?lower_case?cap_first}DefaultService.select(strSql,param);//SQL调用 java.util.List<JSONObject> entities=iBzSys${de.codeName?lower_case?cap_first}DefaultService.select(strSql,param);//SQL调用
<#comment>是否返回参数</#comment>
<#if deLogicNode.getDstPSDELogicParam?? && deLogicNode.getDstPSDELogicParam()?? ><#comment>配置返回参数</#comment>
if(entities.size()>0){ if(entities.size()>0){
<#assign targetLogicParam=deLogicNode.getDstPSDELogicParam()> <#assign targetLogicParam=deLogicNode.getDstPSDELogicParam()>
JSONObject entity=entities.get(0); JSONObject entity=entities.get(0);
<#assign targetLogicParamCodeName=logicName+targetLogicParam.getCodeName()?lower_case> <#assign targetLogicParamCodeName=logicName+targetLogicParam.getCodeName()?lower_case>
<#if targetLogicParam.getParamPSDataEntity?? && targetLogicParam.getParamPSDataEntity()??> <#if targetLogicParam.getParamPSDataEntity?? && targetLogicParam.getParamPSDataEntity()??>
<#assign targetEntity=targetLogicParam.getParamPSDataEntity()> <#assign targetEntity=targetLogicParam.getParamPSDataEntity()>
<#if (deLogicNode.getParam("PARAM7",1)==0)><#comment>重置原数据</#comment> <#if (deLogicNode.getParam("PARAM7",1)==0)><#comment>重置原数据</#comment>
${pub.getPKGCodeName()}.core.${targetEntity.getPSSystemModule().codeName?lower_case}.domain.${targetEntity.codeName} targetEntity =new ${pub.getPKGCodeName()}.core.${targetEntity.getPSSystemModule().codeName?lower_case}.domain.${targetEntity.codeName}(); ${pub.getPKGCodeName()}.core.${targetEntity.getPSSystemModule().codeName?lower_case}.domain.${targetEntity.codeName} targetEntity =new ${pub.getPKGCodeName()}.core.${targetEntity.getPSSystemModule().codeName?lower_case}.domain.${targetEntity.codeName}();
for (Map.Entry entry : entity.entrySet()) { for (Map.Entry entry : entity.entrySet()) {
targetEntity.set(String.valueOf(entry.getKey()),entry.getValue()); targetEntity.set(String.valueOf(entry.getKey()),entry.getValue());
} }
org.springframework.cglib.beans.BeanCopier copier= org.springframework.cglib.beans.BeanCopier.create(targetEntity.getClass(),${targetLogicParamCodeName}.getClass(), false); org.springframework.cglib.beans.BeanCopier copier= org.springframework.cglib.beans.BeanCopier.create(targetEntity.getClass(),${targetLogicParamCodeName}.getClass(), false);
copier.copy(targetEntity,${targetLogicParamCodeName},null); copier.copy(targetEntity,${targetLogicParamCodeName},null);
<#else><#comment>不重置原数据</#comment> <#else><#comment>不重置原数据</#comment>
for (Map.Entry entry : entity.entrySet()) { for (Map.Entry entry : entity.entrySet()) {
${targetLogicParamCodeName}.set(String.valueOf(entry.getKey()),entry.getValue()); ${targetLogicParamCodeName}.set(String.valueOf(entry.getKey()),entry.getValue());
} }
</#if>
<#else>
${targetLogicParamCodeName}.putAll(entity);
</#if> </#if>
}
<#else> <#else>
${targetLogicParamCodeName}.putAll(entity); iBzSys${de.codeName?lower_case?cap_first}DefaultService.execute(strSql);//SQL调用
</#if> </#if>
}
<#else> <#else>
iBzSys${de.codeName?lower_case?cap_first}DefaultService.execute(strSql);//SQL调用 iBzSys${de.codeName?lower_case?cap_first}DefaultService.execute(strSql,param);//SQL调用
</#if> </#if>
<#elseif deLogicNode.getLogicNodeType()=='RAWSQLANDLOOPCALL'><#comment>直接SQL并循环调用</#comment> <#elseif deLogicNode.getLogicNodeType()=='RAWSQLANDLOOPCALL'><#comment>直接SQL并循环调用</#comment>
//暂不支持 //暂不支持
<#--<#if deLogicNode.getPSDELogicNodeParams()??><#comment>是否包含参数列表</#comment>--> <#--<#if deLogicNode.getPSDELogicNodeParams()??><#comment>是否包含参数列表</#comment>-->
...@@ -155,8 +160,6 @@ ruleflow-group "${logicName+deLogicNode.getCodeName()?lower_case}" ...@@ -155,8 +160,6 @@ ruleflow-group "${logicName+deLogicNode.getCodeName()?lower_case}"
<#--}--> <#--}-->
<#--</#if>--> <#--</#if>-->
<#--}--> <#--}-->
</#if> </#if>
<#if delogic.getPSDELogicParams?? && delogic.getPSDELogicParams()??> <#if delogic.getPSDELogicParams?? && delogic.getPSDELogicParams()??>
<#list delogic.getPSDELogicParams() as logicParam> <#list delogic.getPSDELogicParams() as logicParam>
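Review bot: The inner `<#else>` of the new `PARAM9==1` branch appears to still emit `execute(strSql)` with no `param`, so that one call site stays outside the `?`-placeholder binding this commit introduces; only the outer `<#else>` was changed to `execute(strSql,param)`. As the side-by-side rendering reads, that path is reached after `select(strSql,param)` has already run, so the generated rule would also issue the statement a second time, with any `?` markers produced by `getCallSQL2` left unbound. If the second call is intended it should read `iBzSys${de.codeName?lower_case?cap_first}DefaultService.execute(strSql,param);`, otherwise the inner `<#else>` can be removed. The `getCallSQL2` macro and the start of the `<#elseif>` chain are outside this hunk, so whether every value really reaches the query as a bound parameter cannot be confirmed from here.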