Home Explore Help
Register Sign In
limeng
/
rdjt
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

润德漏洞修复

conghelong 1 year ago
parent
1b51dba03c
commit
9d0868f096
4 changed files with 36 additions and 8 deletions
Split View Show Diff Stats
  1. 30 2
      src/main/java/com/sooka/module/web/cms/ContentController.java
  2. 1 1
      src/main/resources/templates/cms/content_copy.html
  3. 4 4
      src/main/resources/templates/cms/content_input.html
  4. 1 1
      src/main/resources/templates/cms/content_list.html

+ 30 - 2
src/main/java/com/sooka/module/web/cms/ContentController.java
View File 

@@ -34,6 +34,8 @@ import java.lang.reflect.Field;
 
 import java.sql.SQLException;
 
 import java.text.DateFormat;
 
 import java.text.SimpleDateFormat;
 
+import java.time.LocalDate;
 
+import java.time.ZoneId;
 
 import java.util.*;
 
 import java.util.regex.Pattern;
 
 
@@ -91,9 +93,11 @@ public class ContentController{
 
             throw new CmsException("对不起,您没有当前栏目的管理权限!");
 
         }
 
         UserVo userVo = ((UserVo) ControllerUtil.getHttpSession().getAttribute(CmsConst.SITE_USER_SESSION_KEY));
 
+
 
         if(CmsUtil.isNullOrEmpty(userVo)) {
 
             throw  new UnauthenticatedException();
 
         }
 
+
 
         content.setSiteId(userVo.getSiteId());
 
         content.setUserId(userVo.getUserId());
 
         model.addAttribute("model",contentService.page(pageNumber,pageSize,content));
 
@@ -124,8 +128,31 @@ public class ContentController{
 
         }
 
         TCmsModel cmsModel = modelService.findById(category.getModelId());
 
         List<TCmsModelFiled> cmsModelFileds = modelFiledService.findModelFiledListByModelId(cmsModel.getModelId());
 
-        if(contentId!=null) {
 
-            model.addAttribute("content",contentService.findContentByContentIdAndTableName(contentId,cmsModel.getTableName()));
 
+        java.util.Date inputdate = new Date(); // 从content中获取inputdate的值
 
+
 
+        // 检查 inputdate 是否为 null
 
+        if (inputdate != null) {
 
+            // 将 Date 转换为 LocalDate
 
+            LocalDate localDate = inputdate.toInstant().atZone(ZoneId.systemDefault()).toLocalDate();
 
+            // 去除时间部分,只保留日期
 
+            LocalDate dateWithoutTime = LocalDate.of(localDate.getYear(), localDate.getMonthValue(), localDate.getDayOfMonth());
 
+            // 将 LocalDate 转换回 Date
 
+            inputdate = Date.from(dateWithoutTime.atStartOfDay(ZoneId.systemDefault()).toInstant());
 
+        }
 
+
 
+        if (contentId != null) {
 
+            // 查询内容并获取 obj
 
+            Map obj = contentService.findContentByContentIdAndTableName(contentId, cmsModel.getTableName());
 
+            // 检查 obj 中的 inputdate 是否为 null
 
+            Object inputDateObj = obj.get("inputdate");
 
+            if (inputDateObj instanceof Date) {
 
+                // 格式化 inputdate
 
+                Date inputDate = (Date) inputDateObj;
 
+                String formattedDate = new SimpleDateFormat("yyyy-MM-dd").format(inputDate);
 
+                obj.put("inputdate", formattedDate);
 
+            }
 
+            // 将 obj 添加到 model 中
 
+            model.addAttribute("content", obj);
 
         }
 
         model.addAttribute("modelFiled",cmsModelFileds);
 
         model.addAttribute("category",category);
 
@@ -133,6 +160,7 @@ public class ContentController{
 
         return "cms/content_input";
 
     }
 
 
+
 
     @SysLog("内容复制")
 
     @RequiresPermissions("content:input")
 
     @RequestMapping("/copy")

+ 1 - 1
src/main/resources/templates/cms/content_copy.html
View File 

@@ -222,7 +222,7 @@
 
             @if(filed.filedClass=="dateInput"){
 
             <label for="${filed.filedName!}" class="control-label x85">${filed.alias}:</label>
 
             <!--判断是否为日期输入框-->
 
-            <input type="text"  name="${filed.filedName!}" data-toggle="datepicker" value="${(!has(content)?filed.filedValue!:content[filed.filedName]),xss}" data-pattern="yyyy-MM-dd HH:mm:ss">
 
+            <input type="text"  name="${filed.filedName!}" data-toggle="datepicker" value="${(!has(content)?filed.filedValue!:content[filed.filedName]),xss}" data-pattern="yyyy-MM-dd ">
 
             @}
 
 
             @if(filed.filedClass=="radio"){

+ 4 - 4
src/main/resources/templates/cms/content_input.html
View File 

@@ -40,7 +40,7 @@
 
         // var htm= $("#CKEditor").val();
 
         var editor = CKEDITOR.instances.autoformat;
 
         //FormatText(htm);
 
-        formatText(editor,2,'SimSun','16');
 
+        formatText(editor,2,'SimSun','18');
 
     }
 
 
 
@@ -94,7 +94,7 @@
 
         <div class="form-group tc">
 
             <label for="j_inputdate" class="control-label x85">日期:</label>
 
             <input style="width:225px;margin-left:0px" name="inputdate"  id="j_inputdate" data-rule="required;" value="${content.inputdate!,xss}" class="laydate-icon timeUstyle stateUTime"
 
-                   onclick="laydate({istime: true,format:'YYYY-MM-DD hh:mm:ss'})"/>
 
+                   onclick="laydate({istime: true,format:'YYYY-MM-DD'})"/>
 
         </div>
 
 
         <hr class="tc" style="margin-top: 3px!important;padding-top: 3px;margin-bottom: 3px!important;">
 
@@ -117,7 +117,7 @@
 
         <hr class="tc" style="margin-top: 3px!important;padding-top: 3px;margin-bottom: 3px!important;">
 
         <div class="form-group tc">
 
 
-            <label class="control-label x85">封面图片:</label>
 
+            <label class="control-label x85">:</label>
 
             <div style="display: inline-block; vertical-align: middle;">
 
                 <div id="j_content_thumb" data-toggle="upload" data-uploader="${ctxPath}/uploads"
 
                      data-file-size-limit="1024000000"
 
@@ -277,7 +277,7 @@
 
             @if(filed.filedClass=="dateInput"){
 
             <label for="${filed.filedName!}" class="control-label x85">${filed.alias}:</label>
 
             <!--判断是否为日期输入框-->
 
-            <input type="text"  name="${filed.filedName!}" data-toggle="datepicker" value="${(!has(content)?filed.filedValue!:content[filed.filedName]),xss}" data-pattern="yyyy-MM-dd HH:mm:ss">
 
+            <input type="text"  name="${filed.filedName!}" data-toggle="datepicker" value="${(!has(content)?filed.filedValue!:content[filed.filedName]),xss}" data-pattern="yyyy-MM-dd">
 
             @}
 
 
             @if(filed.filedClass=="radio"){

+ 1 - 1
src/main/resources/templates/cms/content_list.html
View File 

@@ -79,7 +79,7 @@
 
                     <a target="_blank" href="${ctxPath}/${sitePrefix}/${content.siteId}/${content.categoryId}/${content.contentId}">${content.title!,xss}</a>
 
                 </td>
 
                 <td align="center">${content.viewNum!,xss}</td>
 
-                <td align="center">${content.inputdate!"N/A",dateFormat="yyyy/MM/dd HH:mm"}</td>
 
+                <td align="center">${content.inputdate!"N/A",dateFormat="yyyy/MM/dd"}</td>
 
                 <td align="center">
 
                     @if(isEmpty(content.recommend)||!content.recommend){
 
                     <span style="font-weight: 500;color:#4A8CDB"> 否</span>