mirror of
https://github.com/yangzongzhuan/RuoYi.git
synced 2026-01-15 15:04:59 +00:00
修改Thymeleaf变量,防止SSTI RCE风险
This commit is contained in:
RuoYi
@@ -273,7 +273,7 @@ public class DemoFormController
|
||||
* @param taskName 任务名称
|
||||
*/
|
||||
@PostMapping("/localrefresh/task")
|
||||
public String localRefreshTask(String fragment, String taskName, ModelMap mmap)
|
||||
public String localRefreshTask(String taskName, ModelMap mmap)
|
||||
{
|
||||
JSONArray list = new JSONArray();
|
||||
JSONObject item = new JSONObject();
|
||||
@@ -287,7 +287,7 @@ public class DemoFormController
|
||||
item.put("date", "2018.06.12");
|
||||
list.add(item);
|
||||
mmap.put("tasks", list);
|
||||
return prefix + "/localrefresh::" + fragment;
|
||||
return prefix + "/localrefresh::fragment-tasklist";
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -36,29 +36,29 @@ public class CacheController extends BaseController
|
||||
|
||||
@RequiresPermissions("monitor:cache:view")
|
||||
@PostMapping("/getNames")
|
||||
public String getCacheNames(String fragment, ModelMap mmap)
|
||||
public String getCacheNames(ModelMap mmap)
|
||||
{
|
||||
mmap.put("cacheNames", cacheService.getCacheNames());
|
||||
return prefix + "/cache::" + fragment;
|
||||
return prefix + "/cache::fragment-cache-names";
|
||||
}
|
||||
|
||||
@RequiresPermissions("monitor:cache:view")
|
||||
@PostMapping("/getKeys")
|
||||
public String getCacheKeys(String fragment, String cacheName, ModelMap mmap)
|
||||
public String getCacheKeys(String cacheName, ModelMap mmap)
|
||||
{
|
||||
mmap.put("cacheName", cacheName);
|
||||
mmap.put("cacheKeys", cacheService.getCacheKeys(cacheName));
|
||||
return prefix + "/cache::" + fragment;
|
||||
return prefix + "/cache::fragment-cache-kyes";
|
||||
}
|
||||
|
||||
@RequiresPermissions("monitor:cache:view")
|
||||
@PostMapping("/getValue")
|
||||
public String getCacheValue(String fragment, String cacheName, String cacheKey, ModelMap mmap)
|
||||
public String getCacheValue(String cacheName, String cacheKey, ModelMap mmap)
|
||||
{
|
||||
mmap.put("cacheName", cacheName);
|
||||
mmap.put("cacheKey", cacheKey);
|
||||
mmap.put("cacheValue", cacheService.getCacheValue(cacheName, cacheKey));
|
||||
return prefix + "/cache::" + fragment;
|
||||
return prefix + "/cache::fragment-cache-value";
|
||||
}
|
||||
|
||||
@RequiresPermissions("monitor:cache:view")
|
||||
|
||||
@@ -48,8 +48,7 @@
|
||||
type: "post",
|
||||
url: ctx + "demo/form/localrefresh/task",
|
||||
data: {
|
||||
"taskName": $("#task-name").val(),
|
||||
"fragment":'fragment-tasklist'
|
||||
"taskName": $("#task-name").val()
|
||||
},
|
||||
success: function(data) {
|
||||
$("#tasklist").html(data);
|
||||
|
||||
@@ -105,9 +105,6 @@ function getCacheNames() {
|
||||
$.ajax({
|
||||
type: "post",
|
||||
url: prefix + "/getNames",
|
||||
data: {
|
||||
"fragment": 'fragment-cache-names'
|
||||
},
|
||||
success: function(data) {
|
||||
$("#cacheNames").html(data);
|
||||
$.modal.msgSuccess("刷新缓存列表成功");
|
||||
@@ -121,8 +118,7 @@ function getCacheKeys(cacheName, isMsg) {
|
||||
type: "post",
|
||||
url: prefix + "/getKeys",
|
||||
data: {
|
||||
"cacheName": _cacheName,
|
||||
"fragment": 'fragment-cache-kyes'
|
||||
"cacheName": _cacheName
|
||||
},
|
||||
success: function(data) {
|
||||
$("#cacheKeys").html(data);
|
||||
@@ -140,8 +136,7 @@ function getCacheValue(cacheName, cacheKey) {
|
||||
url: prefix + "/getValue",
|
||||
data: {
|
||||
"cacheName": cacheName,
|
||||
"cacheKey": cacheKey,
|
||||
"fragment": 'fragment-cache-value'
|
||||
"cacheKey": cacheKey
|
||||
},
|
||||
success: function(data) {
|
||||
$("#cacheValue").html(data);
|
||||
|
||||
Reference in New Issue
Block a user