🐛 前端排序条件失效 SqlFilterArgumentResolver

pig-mesh · Mar 4, 2024 · fa11eab · fa11eab
1 parent f79e8e4
commit fa11eab
Showing 1 changed file with 44 additions and 43 deletions.
diff --git a/...is/src/main/java/com/pig4cloud/pig/common/mybatis/resolver/SqlFilterArgumentResolver.java b/...is/src/main/java/com/pig4cloud/pig/common/mybatis/resolver/SqlFilterArgumentResolver.java
@@ -46,55 +46,56 @@
 @Slf4j
 public class SqlFilterArgumentResolver implements HandlerMethodArgumentResolver {
 
-	/**
-	 * 判断Controller是否包含page 参数
-	 * @param parameter 参数
-	 * @return 是否过滤
-	 */
-	@Override
-	public boolean supportsParameter(MethodParameter parameter) {
-		return parameter.getParameterType().equals(Page.class);
-	}
+    /**
+     * 判断Controller是否包含page 参数
+     *
+     * @param parameter 参数
+     * @return 是否过滤
+     */
+    @Override
+    public boolean supportsParameter(MethodParameter parameter) {
+        return parameter.getParameterType().equals(Page.class);
+    }
 
-	/**
-	 * @param parameter 入参集合
-	 * @param mavContainer model 和 view
-	 * @param webRequest web相关
-	 * @param binderFactory 入参解析
-	 * @return 检查后新的page对象
-	 * <p>
-	 * page 只支持查询 GET .如需解析POST获取请求报文体处理
-	 */
-	@Override
-	public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
-			NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
+    /**
+     * @param parameter     入参集合
+     * @param mavContainer  model 和 view
+     * @param webRequest    web相关
+     * @param binderFactory 入参解析
+     * @return 检查后新的page对象
+     * <p>
+     * page 只支持查询 GET .如需解析POST获取请求报文体处理
+     */
+    @Override
+    public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
+                                  NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
 
-		HttpServletRequest request = webRequest.getNativeRequest(HttpServletRequest.class);
+        HttpServletRequest request = webRequest.getNativeRequest(HttpServletRequest.class);
 
-		String[] ascs = request.getParameterValues("ascs");
-		String[] descs = request.getParameterValues("descs");
-		String current = request.getParameter("current");
-		String size = request.getParameter("size");
+        String[] ascs = request.getParameterValues("ascs");
+        String[] descs = request.getParameterValues("descs");
+        String current = request.getParameter("current");
+        String size = request.getParameter("size");
 
-		Page<?> page = new Page<>();
-		if (StrUtil.isNotBlank(current)) {
-			page.setCurrent(Long.parseLong(current));
-		}
+        Page<?> page = new Page<>();
+        if (StrUtil.isNotBlank(current)) {
+            page.setCurrent(Long.parseLong(current));
+        }
 
-		if (StrUtil.isNotBlank(size)) {
-			page.setSize(Long.parseLong(size));
-		}
+        if (StrUtil.isNotBlank(size)) {
+            page.setSize(Long.parseLong(size));
+        }
 
-		List<OrderItem> orderItemList = new ArrayList<>();
-		Optional.ofNullable(ascs)
-			.ifPresent(s -> orderItemList.addAll(
-					Arrays.stream(s).filter(SqlInjectionUtils::check).map(OrderItem::asc).collect(Collectors.toList())));
-		Optional.ofNullable(descs)
-			.ifPresent(s -> orderItemList.addAll(
-					Arrays.stream(s).filter(SqlInjectionUtils::check).map(OrderItem::desc).collect(Collectors.toList())));
-		page.addOrder(orderItemList);
+        List<OrderItem> orderItemList = new ArrayList<>();
+        Optional.ofNullable(ascs)
+                .ifPresent(s -> orderItemList.addAll(
+                        Arrays.stream(s).filter(asc -> !SqlInjectionUtils.check(asc)).map(OrderItem::asc).collect(Collectors.toList())));
+        Optional.ofNullable(descs)
+                .ifPresent(s -> orderItemList.addAll(
+                        Arrays.stream(s).filter(desc -> !SqlInjectionUtils.check(desc)).map(OrderItem::desc).collect(Collectors.toList())));
+        page.addOrder(orderItemList);
 
-		return page;
-	}
+        return page;
+    }
 
 }