Merge remote-tracking branch 'origin/master'
commit
3fa1b5d6d3
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
36
pom.xml
|
@ -9,7 +9,7 @@
|
||||||
</parent>
|
</parent>
|
||||||
<modelVersion>4.0.0</modelVersion>
|
<modelVersion>4.0.0</modelVersion>
|
||||||
<groupId>net.mingsoft</groupId>
|
<groupId>net.mingsoft</groupId>
|
||||||
<artifactId>mcms</artifactId>
|
<artifactId>ms-mcms</artifactId>
|
||||||
<version>5.1-SNAPSHOT</version>
|
<version>5.1-SNAPSHOT</version>
|
||||||
<name>ms-mcms</name>
|
<name>ms-mcms</name>
|
||||||
<properties>
|
<properties>
|
||||||
|
@ -22,11 +22,7 @@
|
||||||
<artifactId>ms-mpeople</artifactId>
|
<artifactId>ms-mpeople</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
<!-- 此部分是铭飞平台MStroe的客户端(MStore不在铭飞开源产品范围),如果不需要使用MStore可以删除掉 -->
|
<!-- 此部分是铭飞平台MStroe的客户端(MStore不在铭飞开源产品范围),如果不需要使用MStore可以删除掉 -->
|
||||||
<dependency>
|
|
||||||
<groupId>net.mingsoft</groupId>
|
|
||||||
<artifactId>store-client</artifactId>
|
|
||||||
<version>2.0</version>
|
|
||||||
</dependency>
|
|
||||||
</dependencies>
|
</dependencies>
|
||||||
<build>
|
<build>
|
||||||
<finalName>ms-mcms</finalName>
|
<finalName>ms-mcms</finalName>
|
||||||
|
@ -40,30 +36,24 @@
|
||||||
<target>${java.version}</target>
|
<target>${java.version}</target>
|
||||||
</configuration>
|
</configuration>
|
||||||
</plugin>
|
</plugin>
|
||||||
<plugin>
|
|
||||||
<groupId>org.springframework.boot</groupId>
|
|
||||||
<artifactId>spring-boot-maven-plugin</artifactId>
|
|
||||||
<executions>
|
|
||||||
<execution>
|
|
||||||
<goals>
|
|
||||||
<goal>repackage</goal>
|
|
||||||
</goals>
|
|
||||||
</execution>
|
|
||||||
</executions>
|
|
||||||
<configuration>
|
|
||||||
<fork>true</fork>
|
|
||||||
</configuration>
|
|
||||||
</plugin>
|
|
||||||
</plugins>
|
</plugins>
|
||||||
<resources>
|
<resources>
|
||||||
<resource>
|
<resource>
|
||||||
<directory>src/main/webapp</directory>
|
<directory>src/main/webapp</directory>
|
||||||
</resource>
|
<excludes>
|
||||||
<resource>
|
<exclude>static/**</exclude>
|
||||||
<directory>src/main/resources</directory>
|
<exclude>html/**</exclude>
|
||||||
|
<exclude>upload/**</exclude>
|
||||||
|
<exclude>templets/**</exclude>
|
||||||
|
</excludes>
|
||||||
</resource>
|
</resource>
|
||||||
<resource>
|
<resource>
|
||||||
<directory>src/main/java</directory>
|
<directory>src/main/java</directory>
|
||||||
|
<excludes>
|
||||||
|
<exclude>**/*.java</exclude>
|
||||||
|
<exclude>**/MSApplication.class</exclude>
|
||||||
|
<exclude>**/MSServletInitializer.class</exclude>
|
||||||
|
</excludes>
|
||||||
</resource>
|
</resource>
|
||||||
</resources>
|
</resources>
|
||||||
<defaultGoal>compile</defaultGoal>
|
<defaultGoal>compile</defaultGoal>
|
||||||
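Review bot: The new `<resources>` list no longer contains the `src/main/resources` entry that the old side had, and an explicit `<resources>` block replaces Maven's default resource directory. Files under that directory (configuration and mapper files, if they live there) would therefore stop being copied to the classpath unless it is configured elsewhere. If the omission is deliberate because the module is now built as a plain jar (the `spring-boot-maven-plugin` repackage execution is removed in the same hunk), an XML comment saying so would help; otherwise restore `<resource><directory>src/main/resources</directory></resource>`. Excluding `upload/**` from the packaged webapp resources looks right, since it keeps user-uploaded files out of the build artifact.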
|
|
|
@ -176,8 +176,8 @@ public class GeneraterAction extends BaseAction {
|
||||||
for (CategoryEntity column : columns) {
|
for (CategoryEntity column : columns) {
|
||||||
ContentBean contentBean = new ContentBean();
|
ContentBean contentBean = new ContentBean();
|
||||||
contentBean.setContentCategoryId(column.getId());
|
contentBean.setContentCategoryId(column.getId());
|
||||||
// 分类是列表,链接
|
// 分类是列表
|
||||||
if(!column.getCategoryType().equals("2")) {
|
if(column.getCategoryType().equals("1")) {
|
||||||
// 判断模板文件是否存在
|
// 判断模板文件是否存在
|
||||||
if (!FileUtil.exist(ParserUtil.buildTempletPath(column.getCategoryListUrl()))) {
|
if (!FileUtil.exist(ParserUtil.buildTempletPath(column.getCategoryListUrl()))) {
|
||||||
LOG.error("模板不存在:{}", column.getCategoryUrl());
|
LOG.error("模板不存在:{}", column.getCategoryUrl());
|
||||||
|
@ -253,8 +253,8 @@ public class GeneraterAction extends BaseAction {
|
||||||
categoryList = categoryBiz.query(categoryEntity);
|
categoryList = categoryBiz.query(categoryEntity);
|
||||||
for(CategoryEntity category : categoryList){
|
for(CategoryEntity category : categoryList){
|
||||||
contentBean.setContentCategoryId(category.getId());
|
contentBean.setContentCategoryId(category.getId());
|
||||||
// 分类是列表,链接
|
// 分类是列表
|
||||||
if(!category.getCategoryType().equals("2")){
|
if(category.getCategoryType().equals("1")){
|
||||||
// 判断模板文件是否存在
|
// 判断模板文件是否存在
|
||||||
if (!FileUtil.exist(ParserUtil.buildTempletPath(category.getCategoryListUrl())) || StringUtils.isEmpty(category.getCategoryListUrl())) {
|
if (!FileUtil.exist(ParserUtil.buildTempletPath(category.getCategoryListUrl())) || StringUtils.isEmpty(category.getCategoryListUrl())) {
|
||||||
LOG.error("模板不存在:{}",category.getCategoryUrl());
|
LOG.error("模板不存在:{}",category.getCategoryUrl());
|
||||||
|
@ -276,8 +276,8 @@ public class GeneraterAction extends BaseAction {
|
||||||
}else {
|
}else {
|
||||||
CategoryEntity category = (CategoryEntity) categoryBiz.getEntity(Integer.parseInt(columnId));
|
CategoryEntity category = (CategoryEntity) categoryBiz.getEntity(Integer.parseInt(columnId));
|
||||||
contentBean.setContentCategoryId(columnId);
|
contentBean.setContentCategoryId(columnId);
|
||||||
// 分类是列表,链接
|
// 分类是列表
|
||||||
if(!category.getCategoryType().equals("2")){
|
if(category.getCategoryType().equals("1")){
|
||||||
// 获取文章列表表属性
|
// 获取文章列表表属性
|
||||||
// 判断模板文件是否存在
|
// 判断模板文件是否存在
|
||||||
if (!FileUtil.exist(ParserUtil.buildTempletPath(category.getCategoryUrl()))) {
|
if (!FileUtil.exist(ParserUtil.buildTempletPath(category.getCategoryUrl()))) {
|
||||||
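Review bot: The rewritten conditions call `equals` on the value returned by `getCategoryType()`, e.g. `column.getCategoryType().equals("1")`, so a category whose type is unset would throw a NullPointerException in the middle of the generation loop; `"1".equals(column.getCategoryType())` avoids that. The same applies to the `category.getCategoryType().equals("1")` checks in the hunks at -253 and -276. The change also narrows the branch from "anything but 2" to "exactly 1", so every other type now takes whatever path follows the `if`, which lies outside these hunks. Replacing the bare `"1"` with a named constant would make the new comment `// 分类是列表` unnecessary and keep the three sites in step.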
|
|
|
@ -108,7 +108,7 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
|
||||||
public void index(HttpServletRequest req, HttpServletResponse resp) {
|
public void index(HttpServletRequest req, HttpServletResponse resp) {
|
||||||
Map map = BasicUtil.assemblyRequestMap();
|
Map map = BasicUtil.assemblyRequestMap();
|
||||||
map.forEach((k,v)->{
|
map.forEach((k,v)->{
|
||||||
map.put(k,v.toString().replaceAll("('|\"|\\\\)","\\$1"));
|
map.put(k,v.toString().replaceAll("('|\"|\\\\)","\\\\$1"));
|
||||||
});
|
});
|
||||||
map.put(ParserUtil.URL, BasicUtil.getUrl());
|
map.put(ParserUtil.URL, BasicUtil.getUrl());
|
||||||
//动态解析
|
//动态解析
|
||||||
|
@ -140,6 +140,9 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
|
||||||
@GetMapping("/list.do")
|
@GetMapping("/list.do")
|
||||||
public void list(HttpServletRequest req, HttpServletResponse resp) {
|
public void list(HttpServletRequest req, HttpServletResponse resp) {
|
||||||
Map map = BasicUtil.assemblyRequestMap();
|
Map map = BasicUtil.assemblyRequestMap();
|
||||||
|
map.forEach((k,v)->{
|
||||||
|
map.put(k,v.toString().replaceAll("('|\"|\\\\)","\\\\$1"));
|
||||||
|
});
|
||||||
//获取栏目编号
|
//获取栏目编号
|
||||||
int typeId = BasicUtil.getInt(ParserUtil.TYPE_ID,0);
|
int typeId = BasicUtil.getInt(ParserUtil.TYPE_ID,0);
|
||||||
int size = BasicUtil.getInt(ParserUtil.SIZE,10);
|
int size = BasicUtil.getInt(ParserUtil.SIZE,10);
|
||||||
|
@ -205,7 +208,7 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
orderby= orderby.replaceAll("('|\"|\\\\)","\\$1");
|
orderby= orderby.replaceAll("('|\"|\\\\)","\\\\$1");
|
||||||
PageBean page = new PageBean();
|
PageBean page = new PageBean();
|
||||||
//用于详情上下页获取当前文章列表对应的分类,根据文章查询只能获取自身分类
|
//用于详情上下页获取当前文章列表对应的分类,根据文章查询只能获取自身分类
|
||||||
String typeId = BasicUtil.getString(ParserUtil.TYPE_ID,article.getContentCategoryId());
|
String typeId = BasicUtil.getString(ParserUtil.TYPE_ID,article.getContentCategoryId());
|
||||||
|
@ -216,7 +219,7 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
|
||||||
Map map = BasicUtil.assemblyRequestMap();
|
Map map = BasicUtil.assemblyRequestMap();
|
||||||
map.forEach((k,v)->{
|
map.forEach((k,v)->{
|
||||||
//sql注入过滤
|
//sql注入过滤
|
||||||
map.put(k,v.toString().replaceAll("('|\"|\\\\)","\\$1"));
|
map.put(k,v.toString().replaceAll("('|\"|\\\\)","\\\\$1"));
|
||||||
});
|
});
|
||||||
//动态解析
|
//动态解析
|
||||||
map.put(ParserUtil.IS_DO,true);
|
map.put(ParserUtil.IS_DO,true);
|
||||||
|
@ -340,7 +343,8 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
|
||||||
if (field != null) {
|
if (field != null) {
|
||||||
for (Map.Entry<String, Object> entry : field.entrySet()) {
|
for (Map.Entry<String, Object> entry : field.entrySet()) {
|
||||||
if (entry != null) {
|
if (entry != null) {
|
||||||
String value = entry.getValue().toString().replaceAll("('|\"|\\\\)","\\$1"); // 处理由get方法请求中文乱码问题
|
String value = entry.getValue().toString().replaceAll("('|\"|\\\\)","\\\\$1"); // 处理由get方法请求中文乱码问题
|
||||||
|
value=clearXss(value);
|
||||||
if (ObjectUtil.isNull(value)) {
|
if (ObjectUtil.isNull(value)) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
@ -379,7 +383,8 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
|
||||||
StringBuilder urlParams=new StringBuilder();
|
StringBuilder urlParams=new StringBuilder();
|
||||||
searchMap.forEach((k,v)->{
|
searchMap.forEach((k,v)->{
|
||||||
//sql注入过滤
|
//sql注入过滤
|
||||||
searchMap.put(k,v.toString().replaceAll("('|\"|\\\\)","\\$1"));
|
searchMap.put(k,v.toString().replaceAll("('|\"|\\\\)","\\\\$1"));
|
||||||
|
searchMap.put(k,clearXss(searchMap.get(k).toString()));
|
||||||
urlParams.append(k).append("=").append(searchMap.get(k)).append("&");
|
urlParams.append(k).append("=").append(searchMap.get(k)).append("&");
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -443,6 +448,23 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
|
||||||
this.outString(response, content);
|
this.outString(response, content);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 清除路径中的转义字符
|
||||||
|
private String clearXss(String value) {
|
||||||
|
|
||||||
|
if (value == null || "".equals(value)) {
|
||||||
|
return value;
|
||||||
|
}
|
||||||
|
|
||||||
|
value = value.replaceAll("<", "<").replaceAll(">", ">");
|
||||||
|
value = value.replaceAll("\\(", "(").replace("\\)", ")");
|
||||||
|
value = value.replaceAll("'", "'");
|
||||||
|
value = value.replaceAll("eval\\((.*)\\)", "");
|
||||||
|
value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']",
|
||||||
|
"\"\"");
|
||||||
|
value = value.replace("script", "");
|
||||||
|
|
||||||
|
return value;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 存储自定义模型字段和接口参数
|
* 存储自定义模型字段和接口参数
|
||||||
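Review bot: In the added `clearXss`, the parentheses line ends with `.replace("\\)", ")")`, which is a literal (non-regex) match for a backslash followed by `)`, so a bare `)` is never rewritten while `(` is; if both are meant to be handled alike, that call needs the plain literal, `.replace(")", …)`. As rendered on this page the `<`, `>`, `(` and `'` replacements map each character to itself, most likely because the page decoded HTML entities in the targets, so confirm that the committed file really contains the entity forms. The remaining steps (`eval\\((.*)\\)`, the `javascript:` pattern, `replace("script", "")`) are single-pass, case-sensitive deny-list filters applied to input, which is not a dependable XSS control; contextual output encoding in the templates is the sturdier fix, and the comment `// 清除路径中的转义字符` should say what the method actually does. Separately, the corrected `"\\\\$1"` replacement now does prepend a backslash, but backslash-escaping only helps inside quoted string literals and only under the database's escape rules, so `orderby` and the request-map values would be better served by an allow-list of sortable columns and bound parameters.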
|
|
|
@ -263,7 +263,7 @@
|
||||||
cms_content.id article_id,c.*
|
cms_content.id article_id,c.*
|
||||||
FROM cms_content
|
FROM cms_content
|
||||||
LEFT JOIN cms_category c ON content_category_id = c.id
|
LEFT JOIN cms_category c ON content_category_id = c.id
|
||||||
where del=0
|
where cms_content.del=0
|
||||||
<if test="appId > 0">
|
<if test="appId > 0">
|
||||||
and cms_content.app_id = #{appId}
|
and cms_content.app_id = #{appId}
|
||||||
</if>
|
</if>
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
server:
|
server:
|
||||||
port: 8081
|
port: 8081
|
||||||
servlet.session.timeout: P0DT60M0S #D天H小时M分钟S秒,字符T是紧跟在时分秒之前的,每个单位都必须由数字开始,且时分秒顺序不能乱
|
servlet.session.timeout: P0DT60M0S #D天H小时M分钟S秒,字符T是紧跟在时分秒之前的,每个单位都必须由数字开始,且时分秒顺序不能乱
|
||||||
|
# ssl: #https证书配置 配置了之后只能通过https访问应用
|
||||||
|
# key-store: ms.pfx 证书文件
|
||||||
|
# key-store-password: 3MU9t9Cz 证书密码
|
||||||
|
|
||||||
logging:
|
logging:
|
||||||
level:
|
level:
|
||||||
|
@ -10,9 +13,7 @@ logging:
|
||||||
path: log #会在项目的根目录下生成log目录,里面会生成对应的日期目录,日期目录下面生成日志压缩包备份文件,默认按每10M分割一个日志文件,例如:log/2020-01/app-2020-01-03-18.1.log.gz(表示2020年1月3号下午六点的第一个备份),也可以根据实际情况写绝对路径,例如:d:/log
|
path: log #会在项目的根目录下生成log目录,里面会生成对应的日期目录,日期目录下面生成日志压缩包备份文件,默认按每10M分割一个日志文件,例如:log/2020-01/app-2020-01-03-18.1.log.gz(表示2020年1月3号下午六点的第一个备份),也可以根据实际情况写绝对路径,例如:d:/log
|
||||||
|
|
||||||
ms:
|
ms:
|
||||||
mstore:
|
# scheme: https #解决使用代理服务器代理应用时标签解析域名依旧为http的问题
|
||||||
http: http://store.new.mingsoft.net
|
|
||||||
host: store.new.mingsoft.net
|
|
||||||
swagger:
|
swagger:
|
||||||
enable: true #启用swagger文档,生产的时候务必关掉
|
enable: true #启用swagger文档,生产的时候务必关掉
|
||||||
manager:
|
manager:
|
||||||
|
@ -66,6 +67,7 @@ spring:
|
||||||
expose-spring-macro-helpers: true
|
expose-spring-macro-helpers: true
|
||||||
prefer-file-system-access: false
|
prefer-file-system-access: false
|
||||||
template-loader-path: classpath:/WEB-INF/manager,classpath:/WEB-INF
|
template-loader-path: classpath:/WEB-INF/manager,classpath:/WEB-INF
|
||||||
|
#template-loader-path: file:WEB-INF/,file:WEB-INF/manager,classpath:/,classpath:/WEB-INF/manager,classpath:/WEB-INF 管理页面WEB-INF/manger单独配置在jar外面,修改部分ftl避免重新jar打包
|
||||||
settings:
|
settings:
|
||||||
template_update_delay: 1
|
template_update_delay: 1
|
||||||
default_encoding: UTF-8
|
default_encoding: UTF-8
|
||||||
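Review bot: The added commented-out `ssl` block carries what looks like a concrete keystore password on the `# key-store-password:` line; if that value protects a real `ms.pfx`, it is now in repository history and should be rotated. The sample would be safer with a placeholder resolved from the environment, e.g. `# key-store-password: ${SSL_KEYSTORE_PASSWORD}` (variable name is illustrative). The trailing descriptions on those two lines (`证书文件`, `证书密码`) are not preceded by `#`, so uncommenting the keys as written would make the description part of the value; `# key-store: ms.pfx # 证书文件` avoids that.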
|
|
|
@ -42,7 +42,7 @@
|
||||||
</el-table-column>
|
</el-table-column>
|
||||||
<el-table-column label="标题" align="left" prop="categoryTitle">
|
<el-table-column label="标题" align="left" prop="categoryTitle">
|
||||||
</el-table-column>
|
</el-table-column>
|
||||||
<el-table-column label="属性" align="center" prop="categoryType" :formatter="categoryTypeFormat" width="70">
|
<el-table-column label="类型" align="center" prop="categoryType" :formatter="categoryTypeFormat" width="70">
|
||||||
</el-table-column>
|
</el-table-column>
|
||||||
<el-table-column label="排序" align="center" prop="categorySort" width="70">
|
<el-table-column label="排序" align="center" prop="categorySort" width="70">
|
||||||
</el-table-column>
|
</el-table-column>
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
<#include '/include/head-file.ftl'/>
|
<#include '/include/head-file.ftl'/>
|
||||||
<script src="${base}/static/plugins/sockjs/1.4.0/sockjs.min.js"></script>
|
<script src="${base}/static/plugins/sockjs/1.4.0/sockjs.min.js"></script>
|
||||||
<script src="${base}/static/plugins/stomp/2.3.3/stomp.min.js"></script>
|
<script src="${base}/static/plugins/stomp/2.3.3/stomp.min.js"></script>
|
||||||
|
<!-- 此部分是铭飞平台MStroe的客户端(MStore不在铭飞开源产品范围),如果不需要使用MStore可以删除掉 -->
|
||||||
<script src="https://cdn.mingsoft.net/ms/1.0/store.umd.min.js"></script>
|
<script src="https://cdn.mingsoft.net/ms/1.0/store.umd.min.js"></script>
|
||||||
<style>
|
<style>
|
||||||
.to-ele {
|
.to-ele {
|
||||||
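Review bot: The comment added above the `store.umd.min.js` tag says the MStore client can be deleted, yet this commit drops the `store-client` dependency and the `ms.mstore` settings while the page still loads that script from `cdn.mingsoft.net`. If MStore is no longer wired in on the server side, removing the tag or gating it behind a setting avoids executing third-party script on this page for no benefit. If it stays, serving a reviewed copy from `${base}/static/plugins/` like the sockjs and stomp files, or adding `integrity` and `crossorigin` attributes, pins what is executed. The comment also spells the product `MStroe` where `MStore` is meant.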
|
|