中文转义，为空处理

src/main/java/com/huoran/iasf/common/exception/code/BaseResponseCode.java

@@ -24,7 +24,7 @@ public enum BaseResponseCode implements ResponseCodeInterface {
     KEY_OR_TOMEUNIT(10009, "key or TomeUnit 不能为空！"),
     DICTIONARY_DATA_FAILED(10010, "获取字典数据失败"),
     UPLOAD_EMPTY(10011, "上传内容为空"),
-    UPLOAD_FAILED(10012, "文件格式上传有误"),
+    UPLOAD_FAILED(10012, "上传失败,上传格式不支持！"),
     VERIFICATION_CODE_ERROR(10007, "验证码错误！"),
     VERIFICATION_CODE_EXPIRED(10006, "验证码已过期！"),
     CANNOT_SAME(10005, "新密码不能与旧密码相同！"),

src/main/java/com/huoran/iasf/controller/DeptController.java

@@ -44,6 +44,9 @@ public class DeptController {
         //中文转码
         String name = URLDecoder.decode(vo.getName(), StandardCharsets.UTF_8.toString());
         vo.setName(name);
+
+        String pidName = URLDecoder.decode(vo.getPidName(), StandardCharsets.UTF_8.toString());
+        vo.setPidName(pidName);
         boolean ok = deptService.checkDeptRepeat(vo);
         if (ok) {
             return R.fail("同级下已存在相同的名称:" + vo.getName());
@@ -74,6 +77,9 @@ public class DeptController {
         //中文转码
         String name = URLDecoder.decode(vo.getName(), StandardCharsets.UTF_8.toString());
         vo.setName(name);
+
+        String pidName = URLDecoder.decode(vo.getPidName(), StandardCharsets.UTF_8.toString());
+        vo.setPidName(pidName);
         boolean ok = deptService.checkDeptRepeat(vo);
         if (ok) {
             return R.fail("同级下已存在相同的名称:" + vo.getName());

src/main/java/com/huoran/iasf/controller/RoleController.java

@@ -125,9 +125,11 @@ public class RoleController {
     @RequiresPermissions("sys:role:list")
     @SuppressWarnings("unchecked")
     public R pageInfo(@RequestBody SysRole vo) throws UnsupportedEncodingException {
+        if (!StringUtils.isEmpty(vo.getName())) {
             //中文转码
             String name = URLDecoder.decode(vo.getName(), StandardCharsets.UTF_8.toString());
             vo.setName(name);
+        }
         LambdaQueryWrapper<SysRole> queryWrapper = Wrappers.lambdaQuery();
         if (!StringUtils.isEmpty(vo.getName())) {
             queryWrapper.like(SysRole::getName, vo.getName());

src/main/java/com/huoran/iasf/controller/SysColumnController.java

@@ -19,6 +19,7 @@ import com.huoran.iasf.common.utils.R;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.StringUtils;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -30,7 +31,10 @@ import io.swagger.annotations.ApiOperation;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.validation.Valid;
+import java.io.UnsupportedEncodingException;
 import java.lang.reflect.InvocationTargetException;
+import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
@@ -71,7 +75,11 @@ public class SysColumnController {
     @PostMapping("/listWithTree")
     @Decrypt
     @ApiOperation(value = "栏目树结构", response = SysColumn.class)
-    public R listWithTree(@RequestBody @Valid PaginationColumnReqVO sysColumn) {
+    public R listWithTree(@RequestBody @Valid PaginationColumnReqVO sysColumn) throws UnsupportedEncodingException {
+        if (!StringUtils.isEmpty(sysColumn.getColumnName())) {
+            String columnName = URLDecoder.decode(sysColumn.getColumnName(), StandardCharsets.UTF_8.toString());
+            sysColumn.setColumnName(columnName);
+        }
         return R.success(service.listWithTree(sysColumn));
     }
 

src/main/java/com/huoran/iasf/controller/SysContentController.java

@@ -19,6 +19,7 @@ import com.huoran.iasf.vo.req.*;
 import com.huoran.iasf.vo.resp.PageContentRespVO;
 import io.swagger.annotations.*;
 import com.huoran.iasf.common.utils.R;
+import org.apache.commons.lang.StringUtils;
 import org.apache.ibatis.annotations.Update;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -67,7 +68,31 @@ public class SysContentController {
     @PostMapping("/pagingQuery")
     @Decrypt
     @ApiOperation(value = "分页查询文章列表", response = PageContentRespVO.class)
-    public R pagingQuery(@RequestBody @Valid @ApiParam(name = "分页查询参数", value = "传入json格式", required = true) PageContentReqVO sysContent) {
+    public R pagingQuery(@RequestBody @Valid @ApiParam(name = "分页查询参数", value = "传入json格式", required = true) PageContentReqVO sysContent) throws UnsupportedEncodingException {
+        if (!StringUtils.isEmpty(sysContent.getTitle())) {
+            //中文转码
+            String title = URLDecoder.decode(sysContent.getTitle(), StandardCharsets.UTF_8.toString());
+            sysContent.setTitle(title);
+
+        }
+        if (!StringUtils.isEmpty(sysContent.getFounder())) {
+            //中文转码
+            String founder = URLDecoder.decode(sysContent.getFounder(), StandardCharsets.UTF_8.toString());
+            sysContent.setFounder(founder);
+
+        }
+        if (!StringUtils.isEmpty(sysContent.getColumn())) {
+            //中文转码
+            String column = URLDecoder.decode(sysContent.getColumn(), StandardCharsets.UTF_8.toString());
+            sysContent.setColumn(column);
+
+        }
+        if (!StringUtils.isEmpty(sysContent.getEditor())) {
+            //中文转码
+            String editor = URLDecoder.decode(sysContent.getEditor(), StandardCharsets.UTF_8.toString());
+            sysContent.setEditor(editor);
+
+        }
         return service.articlePaginationList(sysContent);
     }
 
@@ -173,8 +198,10 @@ public class SysContentController {
     @ApiOperation(value = "站点最新发布的文章", response = PageContentReqVO.class)
     public R newlyPublishedArticles(@Valid @RequestBody PageContentReqVO content) throws UnsupportedEncodingException {
         //中文转码
+        if (!StringUtils.isEmpty(content.getTitle())) {
             String title = URLDecoder.decode(content.getTitle(), StandardCharsets.UTF_8.toString());
             content.setTitle(title);
+        }
         return service.newlyPublishedArticles(content);
     }
 
@@ -271,8 +298,11 @@ public class SysContentController {
 
 
     @PostMapping("/queryArticleColumnParent")
+    @Decrypt
     @ApiOperation(value = "查询文章的栏目父级", response = PageContentReqVO.class)
-    public R queryArticleColumnParent(@ApiParam(name = "articleId", value = "文章id", required = true) @RequestParam Integer articleId) {
+    public R queryArticleColumnParent(
+            @ApiParam(name = "articleId", value = "文章id", required = true)
+            @RequestBody Integer articleId) {
         return service.queryArticleColumnParent(articleId);
     }
 

src/main/java/com/huoran/iasf/controller/SysFilesController.java

@@ -21,9 +21,9 @@ import com.huoran.iasf.vo.req.FileParameters;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
+import org.apache.commons.lang.StringUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.servlet.resource.ResourceHttpRequestHandler;
@@ -33,11 +33,14 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.List;
+import java.util.regex.Pattern;
 
 
 /**
@@ -86,11 +89,17 @@ public class SysFilesController {
             uEditorResult.setState("error");
             return uEditorResult;
         }
+
+        String pattern = ".*\\.(mp4|MP3|MP4|jpg|png|gif|doc|xls|xlsx|docx|pdf|mp3)$";
+        boolean hasExtension = Pattern.matches(pattern, file.getOriginalFilename());
+        if (!hasExtension){
             String[] allowedExtension = new String[]{"jpg", "png", "gif", "doc", "xls", "xlsx", "docx", "pdf", "mov","mp4","MP3"};
             fileUploadUtils.assertAllowed(file,allowedExtension);
+        }
         return sysFilesService.saveFile(file,fileParameters);
     }
 
+
     @ApiOperation(value = "更新文件信息")
     @PostMapping("/update")
     public R update(@RequestBody FileParameters fileParameters) {
@@ -128,7 +137,27 @@ public class SysFilesController {
     @ApiOperation(value = "查询分页数据",response = SysFilesEntity.class)
     @PostMapping("/listByPage")
     @RequiresPermissions("sysFiles:list")
-    public R findListByPage(@RequestBody SysFilesEntity sysFiles) {
+    public R findListByPage(@RequestBody SysFilesEntity sysFiles) throws UnsupportedEncodingException {
+        if (!StringUtils.isEmpty(sysFiles.getQuote())) {
+            //中文转码
+            String title = URLDecoder.decode(sysFiles.getQuote(), StandardCharsets.UTF_8.toString());
+            sysFiles.setQuote(title);
+        }
+        if (!StringUtils.isEmpty(sysFiles.getFileName())) {
+            //中文转码
+            String title = URLDecoder.decode(sysFiles.getFileName(), StandardCharsets.UTF_8.toString());
+            sysFiles.setFileName(title);
+        }
+        if (!StringUtils.isEmpty(sysFiles.getUploader())) {
+            //中文转码
+            String title = URLDecoder.decode(sysFiles.getUploader(), StandardCharsets.UTF_8.toString());
+            sysFiles.setUploader(title);
+        }
+        if (!StringUtils.isEmpty(sysFiles.getType())) {
+            //中文转码
+            String title = URLDecoder.decode(sysFiles.getType(), StandardCharsets.UTF_8.toString());
+            sysFiles.setType(title);
+        }
         return sysFilesService.getPage(sysFiles);
 
         /*LambdaQueryWrapper<SysFilesEntity> queryWrapper = Wrappers.lambdaQuery();

src/main/java/com/huoran/iasf/controller/UserController.java

@@ -39,6 +39,7 @@ import java.net.URLDecoder;
 import java.nio.charset.StandardCharsets;
 import java.util.List;
 import java.util.Map;
+import java.util.regex.Pattern;
 
 /**
  * 用户管理
@@ -82,8 +83,14 @@ public class UserController {
     @RequiresPermissions("sys:user:update")
     public R updateUserInfo(@RequestBody SysUser vo) throws UnsupportedEncodingException {
         //中文转码
-        String username = URLDecoder.decode(vo.getUsername(), StandardCharsets.UTF_8.toString());
-        vo.setUsername(username);
+        if (!StringUtils.isEmpty(vo.getRealName())) {
+            String realName = URLDecoder.decode(vo.getRealName(), StandardCharsets.UTF_8.toString());
+            vo.setRealName(realName);
+        }
+        if (!StringUtils.isEmpty(vo.getUsername())) {
+            String realName = URLDecoder.decode(vo.getUsername(), StandardCharsets.UTF_8.toString());
+            vo.setUsername(realName);
+        }
 
         if (StringUtils.isEmpty(vo.getId())) {
             return R.fail("id不能为空");
@@ -254,8 +261,13 @@ public class UserController {
     @ApiOperation(value = "修改用户头像")
     @PostMapping("/updateUserAvatars")
     public R updateUserAvatars(MultipartFile file) throws Exception {
+
+        String pattern = ".*\\.(jpg|png|gif)$";
+        boolean hasExtension = Pattern.matches(pattern, file.getOriginalFilename());
+        if (!hasExtension){
             String[] allowedExtension = new String[]{"jpg", "png", "gif"};
             fileUploadUtils.assertAllowed(file,allowedExtension);
+        }
         Integer currentUserId = httpSessionService.getCurrentUserId();
         return userService.updateUserAvatars(currentUserId.toString(), file);
     }

src/main/java/com/huoran/iasf/controller/UserGroupController.java

@@ -51,6 +51,8 @@ public class UserGroupController {
         //中文转码
         String groupName = URLDecoder.decode(userGroup.getGroupName(), StandardCharsets.UTF_8.toString());
         userGroup.setGroupName(groupName);
+        String description = URLDecoder.decode(userGroup.getDescription(), StandardCharsets.UTF_8.toString());
+        userGroup.setDescription(description);
         UserGroup one = userGroupService.getOne(new QueryWrapper<UserGroup>().
                 eq("group_name", userGroup.getGroupName()));
         if (ObjectUtil.isNotNull(one)){
@@ -82,6 +84,8 @@ public class UserGroupController {
         //中文转码
         String groupName = URLDecoder.decode(userGroup.getGroupName(), StandardCharsets.UTF_8.toString());
         userGroup.setGroupName(groupName);
+        String description = URLDecoder.decode(userGroup.getDescription(), StandardCharsets.UTF_8.toString());
+        userGroup.setDescription(description);
         QueryWrapper<UserGroup> queryWrapper = new QueryWrapper<>();
         queryWrapper.eq("group_name", userGroup.getGroupName());
         queryWrapper.last(" and id  != " + userGroup.getId());
@@ -108,11 +112,14 @@ public class UserGroupController {
     @LogAnnotation(title = "用户组管理", action = "获取所有用户组机构")
     @RequiresPermissions("sys:userGroup:list")
     public R getUserGroupAll(@RequestBody UserGroup userGroup) throws UnsupportedEncodingException {
+        if (!StringUtils.isEmpty(userGroup.getGroupName())) {
             //中文转码
             String groupName = URLDecoder.decode(userGroup.getGroupName(), StandardCharsets.UTF_8.toString());
+            userGroup.setGroupName(groupName);
+        }
         LambdaQueryWrapper<UserGroup> queryWrapper = Wrappers.lambdaQuery();
-        if (!StringUtils.isEmpty(groupName)) {
-            queryWrapper.like(UserGroup::getGroupName, groupName);
+        if (!StringUtils.isEmpty(userGroup.getGroupName())) {
+            queryWrapper.like(UserGroup::getGroupName, userGroup.getGroupName());
         }
         queryWrapper.orderByDesc(UserGroup::getCreateTime);
         IPage<SysFilesEntity> iPage = userGroupService.page(userGroup.getQueryPage(),queryWrapper);