fix 修复 前端输入性CVE漏洞 禁止使用代码生成到本地路径

疯狂的狮子Li
2026-05-06 15:24:56 +08:00
parent 97e984afa5
commit de67f38988
4 changed files with 3 additions and 72 deletions


@@ -64,14 +64,6 @@ export const delTable = (tableId: string | number | Array<string | number>) => {
});
};
// 生成代码(自定义路径)
export const genCode = (tableId: string | number) => {
return request({
url: '/tool/gen/genCode/' + tableId,
method: 'get'
});
};
// 同步数据库
export const synchDb = (tableId: string | number) => {
return request({


@@ -11,8 +11,6 @@ export interface TableVO extends BaseEntity {
businessName: string;
functionName: string;
functionAuthor: string;
genType: string;
genPath: string;
pkColumn?: any;
columns?: any;
options?: any;
@@ -87,8 +85,6 @@ export interface DbTableVO {
businessName?: any;
functionName?: any;
functionAuthor?: any;
genType?: any;
genPath?: any;
pkColumn?: any;
columns: DbColumnVO[];
options?: any;
@@ -190,8 +186,6 @@ export interface DbTableForm extends BaseEntity {
businessName: string;
functionName: string;
functionAuthor: string;
genType: string;
genPath: string;
pkColumn?: any;
columns: DbColumnForm[];
options: string;


@@ -82,44 +82,6 @@
</el-form-item>
</el-col>
<el-col :span="12">
<el-form-item prop="genType">
<template #label>
生成代码方式
<el-tooltip content="默认为zip压缩包下载也可以自定义生成路径" placement="top">
<el-icon><question-filled /></el-icon>
</el-tooltip>
</template>
<el-radio v-model="infoForm.genType" value="0">zip压缩包</el-radio>
<el-radio v-model="infoForm.genType" value="1">自定义路径</el-radio>
</el-form-item>
</el-col>
<el-col v-if="infoForm.genType == '1'" :span="24">
<el-form-item prop="genPath">
<template #label>
自定义路径
<el-tooltip content="填写磁盘绝对路径若不填写则生成到当前Web项目下" placement="top">
<el-icon><question-filled /></el-icon>
</el-tooltip>
</template>
<el-input v-model="infoForm.genPath">
<template #append>
<el-dropdown>
<el-button type="primary">
最近路径快速选择
<i class="el-icon-arrow-down el-icon--right"></i>
</el-button>
<template #dropdown>
<el-dropdown-menu>
<el-dropdown-item @click="infoForm.genPath = '/'">恢复默认的生成基础路径</el-dropdown-item>
</el-dropdown-menu>
</template>
</el-dropdown>
</template>
</el-input>
</el-form-item>
</el-col>
</el-row>
<h4 class="form-header">增强选项</h4>


@@ -192,7 +192,7 @@
<script setup name="Gen" lang="ts">
import { useRoute } from 'vue-router';
import { delTable, genCode, getDataNames, listTable, previewTable, synchDb } from '@/api/tool/gen';
import { delTable, getDataNames, listTable, previewTable, synchDb } from '@/api/tool/gen';
import { TableQuery, TableVO } from '@/api/tool/gen/types';
import { useLoading } from '@/hooks/async/useLoading';
import { useDialogState } from '@/hooks/dialog/useDialogState';
@@ -269,25 +269,8 @@ const handleGenTable = async (row?: TableVO) => {
return;
}
const customRows = currentRows.filter(item => item.genType === '1');
const zipRows = currentRows.filter(item => item.genType !== '1');
for (const item of customRows) {
await genCode(item.tableId);
}
if (customRows.length === 1 && zipRows.length === 0) {
modal.msgSuccess('成功生成到自定义路径:' + customRows[0].genPath);
return;
}
if (customRows.length > 1) {
modal.msgSuccess('已生成到自定义路径,共 ' + customRows.length + ' 张表');
}
if (zipRows.length > 0) {
const zipIds = zipRows.map(item => item.tableId).join(',');
download.zip('/tool/gen/batchGenCode?tableIdStr=' + zipIds, 'ruoyi.zip');
}
const zipIds = currentRows.map(item => item.tableId).join(',');
download.zip('/tool/gen/batchGenCode?tableIdStr=' + zipIds, 'ruoyi.zip');
};
/** 同步数据库操作 */
const handleSynchDb = async (row: TableVO) => {
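Review bot: Dropping the `genCode` call and the `genType === '1'` branch from `handleGenTable` (along with the `genCode` export, the `genType`/`genPath` fields and the form controls in the other three files) only removes the custom-path option from the client; nothing on this page shows the server refusing it. If `/tool/gen/genCode/{tableId}` and the persisted `genPath` are still honoured by the backend, a request sent without the UI would presumably still write generated code to a server-side path, so this should be confirmed against a matching backend change that removes the endpoint and ignores `genPath`/`genType` on save. A smaller point on the new lines: `tableId` is typed `string | number` and is concatenated straight into the query, so `download.zip('/tool/gen/batchGenCode?tableIdStr=' + encodeURIComponent(zipIds), 'ruoyi.zip');` would keep a string id from altering the query string. `handleGenTable` begins outside the hunk, so the selection checks before `return;` are not visible here.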