public/RuoYi-Vue-Plus
1
0
Fork 0
mirror of https://gitee.com/dromara/RuoYi-Vue-Plus.git synced 2026-03-29 16:53:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

update 优化 后端导入返回信息使用\n分割 避免前端出现xss问题

Browse Source
This commit is contained in:
疯狂的狮子Li
2026-03-27 16:43:31 +08:00
parent 58f1e2ba25
commit 776d85ae15
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/listener/SysUserImportListener.java
View File

@@ -32,6 +32,8 @@ import java.util.List;
@Slf4j @Slf4j
public class SysUserImportListener extends AnalysisEventListener<SysUserImportVo> implements ExcelListener<SysUserImportVo> { public class SysUserImportListener extends AnalysisEventListener<SysUserImportVo> implements ExcelListener<SysUserImportVo> {
private static final String NL = "\n";
private final ISysUserService userService; private final ISysUserService userService;
private final String password; private final String password;
@@ -65,7 +67,7 @@ public class SysUserImportListener extends AnalysisEventListener<SysUserImportVo
user.setCreateBy(operUserId); user.setCreateBy(operUserId);
userService.insertUser(user); userService.insertUser(user);
successNum++; successNum++;
successMsg.append("<br/>").append(successNum).append("、账号 ").append(user.getUserName()).append(" 导入成功"); successMsg.append(NL).append(successNum).append("、账号 ").append(user.getUserName()).append(" 导入成功");
} else if (isUpdateSupport) { } else if (isUpdateSupport) {
Long userId = sysUser.getUserId(); Long userId = sysUser.getUserId();
SysUserBo user = BeanUtil.toBean(userVo, SysUserBo.class); SysUserBo user = BeanUtil.toBean(userVo, SysUserBo.class);
@@ -76,14 +78,14 @@ public class SysUserImportListener extends AnalysisEventListener<SysUserImportVo
user.setUpdateBy(operUserId); user.setUpdateBy(operUserId);
userService.updateUser(user); userService.updateUser(user);
successNum++; successNum++;
successMsg.append("<br/>").append(successNum).append("、账号 ").append(user.getUserName()).append(" 更新成功"); successMsg.append(NL).append(successNum).append("、账号 ").append(user.getUserName()).append(" 更新成功");
} else { } else {
failureNum++; failureNum++;
failureMsg.append("<br/>").append(failureNum).append("、账号 ").append(sysUser.getUserName()).append(" 已存在"); failureMsg.append(NL).append(failureNum).append("、账号 ").append(sysUser.getUserName()).append(" 已存在");
} }
} catch (Exception e) { } catch (Exception e) {
failureNum++; failureNum++;
String msg = "<br/>" + failureNum + "、账号 " + HtmlUtil.cleanHtmlTag(userVo.getUserName()) + " 导入失败:"; String msg = NL + failureNum + "、账号 " + HtmlUtil.cleanHtmlTag(userVo.getUserName()) + " 导入失败:";
String message = e.getMessage(); String message = e.getMessage();
if (e instanceof ConstraintViolationException cvException) { if (e instanceof ConstraintViolationException cvException) {
message = StreamUtils.join(cvException.getConstraintViolations(), ConstraintViolation::getMessage, ", "); message = StreamUtils.join(cvException.getConstraintViolations(), ConstraintViolation::getMessage, ", ");