From 7b601a3e8f6de4acc9d6b9885ef23d6c90a4f349 Mon Sep 17 00:00:00 2001
From: xubinbin <1323875150@qq.com>
Date: 星期三, 28 十二月 2022 13:26:33 +0800
Subject: [PATCH] 使用#替代$,防止SQL注入的风险(主要防止模糊查询sql部分的注入)。
---
src/main/java/com/genersoft/iot/vmp/web/gb28181/ApiDeviceController.java | 30 +++++++++++++++++-------------
1 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/src/main/java/com/genersoft/iot/vmp/web/gb28181/ApiDeviceController.java b/src/main/java/com/genersoft/iot/vmp/web/gb28181/ApiDeviceController.java
index 8d1f0c3..a5458b0 100644
--- a/src/main/java/com/genersoft/iot/vmp/web/gb28181/ApiDeviceController.java
+++ b/src/main/java/com/genersoft/iot/vmp/web/gb28181/ApiDeviceController.java
@@ -1,10 +1,11 @@
package com.genersoft.iot.vmp.web.gb28181;
-import com.alibaba.fastjson.JSONArray;
-import com.alibaba.fastjson.JSONObject;
+import com.alibaba.fastjson2.JSONArray;
+import com.alibaba.fastjson2.JSONObject;
import com.genersoft.iot.vmp.gb28181.bean.Device;
import com.genersoft.iot.vmp.gb28181.bean.DeviceChannel;
-import com.genersoft.iot.vmp.storager.IVideoManagerStorager;
+import com.genersoft.iot.vmp.service.IDeviceService;
+import com.genersoft.iot.vmp.storager.IVideoManagerStorage;
import com.github.pagehelper.PageInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -25,7 +26,9 @@
private final static Logger logger = LoggerFactory.getLogger(ApiDeviceController.class);
@Autowired
- private IVideoManagerStorager storager;
+ private IVideoManagerStorage storager;
+ @Autowired
+ private IDeviceService deviceService;
// @Autowired
// private SIPCommander cmder;
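Review bot: The added `deviceService` field is not referenced by any of the 17 lines this patch inserts, and the same is true of the new `code` parameter on `channellist` in the `@@ -91,6 +94,7 @@` hunk. The paged storage call in the later hunk still passes `null, null, null` for what appear to be its filter arguments, so `code` is accepted from the request and then ignored, and a client filtering by it gets unfiltered results. Either wire both in or leave them out of this commit. If `code` is meant to reach the fuzzy-match SQL the subject line refers to, the mapper has to bind it with `#{...}`, and this patch contains no mapper change.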
@@ -37,7 +40,7 @@
// private DeviceOffLineDetector offLineDetector;
/**
- * 鍒嗛〉鑾峰彇璁惧鍒楄〃 TODO 鐜板湪鐩存帴杩斿洖锛屽皻鏈疄鐜板垎椤�
+ * 鍒嗛〉鑾峰彇璁惧鍒楄〃 鐜板湪鐩存帴杩斿洖锛屽皻鏈疄鐜板垎椤�
* @param start
* @param limit
* @param q
@@ -91,6 +94,7 @@
@RequestMapping(value = "/channellist")
public JSONObject channellist( String serial,
+ @RequestParam(required = false)String code,
@RequestParam(required = false)String channel_type,
@RequestParam(required = false)String dir_serial ,
@RequestParam(required = false)Integer start,
@@ -110,14 +114,14 @@
return result;
}
List<DeviceChannel> deviceChannels;
+ List<DeviceChannel> allDeviceChannelList = storager.queryChannelsByDeviceId(serial);
if (start == null || limit ==null) {
- deviceChannels = storager.queryChannelsByDeviceId(serial);
+ deviceChannels = allDeviceChannelList;
result.put("ChannelCount", deviceChannels.size());
}else {
- start ++;
- PageInfo pageResult = storager.queryChannelsByDeviceId(serial, null, null, null,start, limit);
- result.put("ChannelCount", pageResult.getList().size());
- deviceChannels = pageResult.getList();
+ deviceChannels = storager.queryChannelsByDeviceIdWithStartAndLimit(serial, null, null, null,start, limit);
+ int total = allDeviceChannelList.size();
+ result.put("ChannelCount", total);
}
JSONArray channleJSONList = new JSONArray();
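Review bot: `storager.queryChannelsByDeviceId(serial)` now runs before the `if`, so every paged request loads the device's whole channel list just to read `size()` for `ChannelCount`. Because `start` and `limit` are request parameters, any caller can trigger that full fetch repeatedly; a count query on the storage layer would be cheaper, or the full fetch could stay inside the unpaged branch. The paged branch also passes `start` and `limit` to `queryChannelsByDeviceIdWithStartAndLimit` with no range check visible in this hunk, and dropping `start ++` changes what `start` means to existing clients. A guard such as `if (start < 0 || limit <= 0 || limit > MAX_LIMIT)` before the query would reject negative or oversized pages, where `MAX_LIMIT` is a placeholder for a constant the project would define. The method body starts and ends outside the hunk, so validation may already exist above it.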
@@ -127,11 +131,11 @@
deviceJOSNChannel.put("DeviceID", device.getDeviceId());
deviceJOSNChannel.put("DeviceName", device.getName());
deviceJOSNChannel.put("DeviceOnline", device.getOnline() == 1);
- deviceJOSNChannel.put("Channel", 0); // TODO 鑷畾涔夊簭鍙�
+ deviceJOSNChannel.put("Channel", 0); // 鑷畾涔夊簭鍙�
deviceJOSNChannel.put("Name", deviceChannel.getName());
deviceJOSNChannel.put("Custom", false);
deviceJOSNChannel.put("CustomName", "");
- deviceJOSNChannel.put("SubCount", deviceChannel.getSubCount()); // TODO ? 瀛愯妭鐐规暟, SubCount > 0 琛ㄧず璇ラ�氶亾涓哄瓙鐩綍
+ deviceJOSNChannel.put("SubCount", deviceChannel.getSubCount()); // 瀛愯妭鐐规暟, SubCount > 0 琛ㄧず璇ラ�氶亾涓哄瓙鐩綍
deviceJOSNChannel.put("SnapURL", "");
deviceJOSNChannel.put("Manufacturer ", deviceChannel.getManufacture());
deviceJOSNChannel.put("Model", deviceChannel.getModel());
@@ -145,7 +149,7 @@
// 1-IETF RFC3261,
// 2-鍩轰簬鍙d护鐨勫弻鍚戣璇�,
// 3-鍩轰簬鏁板瓧璇佷功鐨勫弻鍚戣璇�
- deviceJOSNChannel.put("Status", deviceChannel.getStatus());
+ deviceJOSNChannel.put("Status", deviceChannel.getStatus() == 1 ? "ON":"OFF");
deviceJOSNChannel.put("Longitude", deviceChannel.getLongitude());
deviceJOSNChannel.put("Latitude", deviceChannel.getLatitude());
deviceJOSNChannel.put("PTZType ", deviceChannel.getPTZType()); // 浜戝彴绫诲瀷, 0 - 鏈煡, 1 - 鐞冩満, 2 - 鍗婄悆,
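Review bot: `deviceChannel.getStatus() == 1 ? "ON":"OFF"` changes the `Status` field from the raw status value to a string, which alters the response contract for clients that parse the old value. The return type of `getStatus()` is not visible here; if it is a boxed `Integer`, the `== 1` comparison unboxes and throws a `NullPointerException` for a channel whose status was never set. `Integer.valueOf(1).equals(deviceChannel.getStatus()) ? "ON" : "OFF"` gives the same result without that failure mode. The surrounding loop body continues outside the hunk.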
--
Gitblit v1.8.0