
限制外链地址必须以http(s)://开头

RuoYi 5 anos atrás
pai
commit
8520ec0e27

+ 11 - 1
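--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/Constants.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/Constants.java
@@ -13,6 +13,16 @@ public class Constants
     public static final String UTF8 = "UTF-8";
 
     /**
+     * http请求
+     */
+    public static final String HTTP = "http://";
+
+    /**
+     * https请求
+     */
+    public static final String HTTPS = "https://";
+
+    /**
      * 成功标记
      */
     public static final Integer SUCCESS = 200;
@@ -85,7 +95,7 @@ public class Constants
      * 验证码 redis key
      */
     public static final String CAPTCHA_CODE_KEY = "captcha_codes:";
-    
+
     /**
      * 验证码有效期(分钟)
      */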

+ 6 - 0
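--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/UserConstants.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/UserConstants.java
@@ -36,6 +36,12 @@ public class UserConstants
     /** 是否为系统默认(是) */
     public static final String YES = "Y";
 
+    /** 是否菜单外链(是) */
+    public static final String YES_FRAME = "0";
+
+    /** 是否菜单外链(否) */
+    public static final String NO_FRAME = "1";
+
     /** 校验返回结果码 */
     public final static String UNIQUE = "0";
     public final static String NOT_UNIQUE = "1";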

+ 12 - 0
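--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysMenuController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysMenuController.java
@@ -12,7 +12,9 @@ import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import com.ruoyi.common.core.constant.Constants;
 import com.ruoyi.common.core.constant.UserConstants;
+import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.core.web.controller.BaseController;
 import com.ruoyi.common.core.web.domain.AjaxResult;
 import com.ruoyi.common.log.annotation.Log;
@@ -96,6 +98,11 @@ public class SysMenuController extends BaseController
         {
             return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败,菜单名称已存在");
         }
+        else if (UserConstants.YES_FRAME.equals(menu.getIsFrame())
+                && !StringUtils.startsWithAny(menu.getPath(), Constants.HTTP, Constants.HTTPS))
+        {
+            return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败,地址必须以http(s)://开头");
+        }
         menu.setCreateBy(SecurityUtils.getUsername());
         return toAjax(menuService.insertMenu(menu));
     }
@@ -112,6 +119,11 @@ public class SysMenuController extends BaseController
         {
             return AjaxResult.error("修改菜单'" + menu.getMenuName() + "'失败,菜单名称已存在");
         }
+        else if (UserConstants.YES_FRAME.equals(menu.getIsFrame())
+                && !StringUtils.startsWithAny(menu.getPath(), Constants.HTTP, Constants.HTTPS))
+        {
+            return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败,地址必须以http(s)://开头");
+        }
         menu.setUpdateBy(SecurityUtils.getUsername());
         return toAjax(menuService.updateMenu(menu));
     }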
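Review bot: In the update handler (last hunk) the new rejection message still begins with `新增菜单` while the duplicate-name message just above it in the same method says `修改菜单`, so a rejected edit is reported to the user as a failed creation; the line should read `return AjaxResult.error("修改菜单'" + menu.getMenuName() + "'失败,地址必须以http(s)://开头");`. The scheme allowlist is a plain prefix match copied into both handlers: it accepts a bare `http://` with no host, and if the project's `StringUtils.startsWithAny` is case-sensitive (its implementation is not shown here) it also rejects `HTTPS://…`. Moving the check into one shared helper that parses the path with `java.net.URI` and compares the scheme case-insensitively would keep the two endpoints from drifting apart. Both method bodies begin outside the hunks shown, so any earlier handling of `menu.getPath()` is not visible.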