@@ -106,27 +106,41 @@ public JSONObject onParseJSONObject(String key, JSONObject tobj, JSONObject robj
106106 } else {
107107 if (RequestMethod .isQueryMethod (method ) == false ) {
108108 //单个修改或删除
109- Object id = robj .get (KEY_ID ); //如果必须传 id ,可在Request表中配置necessary
110- if (id != null ) {
111- if (id instanceof Number == false ) {
112- throw new IllegalArgumentException (method .name () + "请求," + name + "/" + key
113- + " 里面的 " + KEY_ID + ":value 中value的类型只能是Long!" );
114- }
115- } else {
109+ Object id = null ;
110+ try {
111+ id = robj .getLong (KEY_ID ); //如果必须传 id ,可在Request表中配置NECESSARY
112+ } catch (Exception e ) {
113+ throw new IllegalArgumentException (method .name () + "请求," + name + "/" + key
114+ + " 里面的 " + KEY_ID + ":value 中value的类型只能是 Long !" );
115+ }
116+
117+ JSONArray idIn = null ;
118+ try {
119+ idIn = robj .getJSONArray (KEY_ID_IN ); //如果必须传 id{} ,可在Request表中配置NECESSARY
120+ } catch (Exception e ) {
121+ throw new IllegalArgumentException (method .name () + "请求," + name + "/" + key
122+ + " 里面的 " + KEY_ID_IN + ":value 中value的类型只能是 [Long] !" );
123+ }
124+ if (idIn == null ) {
116125 //批量修改或删除
117- Object arr = robj .get (KEY_ID_IN ); //如果必须传 id{} ,可在Request表中配置necessary
118- if (arr == null ) {
126+ if (id == null ) {
119127 throw new IllegalArgumentException (method .name () + "请求," + name + "/" + key
120- + " 里面 " + KEY_ID + " 和 " + KEY_ID_IN + " 必须传其中一个 !" );
128+ + " 里面 " + KEY_ID + " 和 " + KEY_ID_IN + " 至少传其中一个 !" );
121129 }
122- if (arr instanceof JSONArray == false ) {
123- throw new IllegalArgumentException (method .name () + "请求," + name + "/" + key
124- + " 里面的 " + KEY_ID_IN + ":value 中value的类型只能是 [Long] !" );
125- }
126- if (((JSONArray )arr ).size () > 10 ) { //不允许一次操作10条以上记录
130+ } else {
131+ if (idIn .size () > 10 ) { //不允许一次操作10条以上记录
127132 throw new IllegalArgumentException (method .name () + "请求," + name + "/" + key
128133 + " 里面的 " + KEY_ID_IN + ":[] 中[]的长度不能超过10!" );
129134 }
135+ //解决 id{}: ["1' OR 1='1'))--"] 绕过id{}限制
136+ for (int i = 0 ; i < idIn .size (); i ++) {
137+ try {
138+ idIn .getLong (i );
139+ } catch (Exception e ) {
140+ throw new IllegalArgumentException (method .name () + "请求," + name + "/" + key
141+ + " 里面的 " + KEY_ID_IN + ":[] 中所有项的类型都只能是Long!" );
142+ }
143+ }
130144 }
131145 }
132146 }
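Review bot: The per-element loop on new-side lines 136–143 only proves each `id{}` entry can be read via `getLong(i)` and then discards the result, so whatever representation passed the cast (numeric strings, if the library casts the way fastjson's TypeUtils does — worth confirming) is still what the SQL layer receives; the same holds for `id` on line 111. Since the comment on line 135 says the goal is to keep anything but Long out of the `id{}` condition, write the normalized value back so downstream code only ever sees Long: `idIn.set(i, idIn.getLong(i));` in the loop body and, after the first try block, `if (id != null) { robj.put(KEY_ID, id); }`. The three `catch (Exception e)` blocks also drop `e`; passing it as the cause, `new IllegalArgumentException(msg, e)`, keeps the original parse failure in the stack trace. onParseJSONObject starts and ends outside this hunk.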
@@ -537,8 +551,8 @@ private static void sqlVerify(@NotNull String funChar, @NotNull JSONObject real,
537551 throw new IllegalArgumentException (rk + ":" + rv + "中value不合法!必须匹配 " + logic .getChar () + tv + " !" );
538552 }
539553 }
540-
541-
554+
555+
542556 /**验证是否重复
543557 * @param table
544558 * @param key
@@ -568,16 +582,16 @@ public static void verifyRepeat(String table, String key, Object value, long exc
568582 if (exceptId > 0 ) {//允许修改自己的属性为该属性原来的值
569583 request .put (JSONRequest .KEY_ID + "!" , exceptId );
570584 }
571- // JSONObject repeat = new AbstractParser(HEAD, true).parseResponse(
572- // new JSONRequest(table, request)
573- // );
574- // repeat = repeat == null ? null : repeat.getJSONObject(table);
575- // if (repeat == null) {
576- // throw new Exception("服务器内部错误 verifyRepeat repeat == null");
577- // }
578- // if (repeat.getIntValue(JSONResponse.KEY_COUNT) > 0) {
579- // throw new ConflictException(key + ": " + value + " 已经存在,不能重复!");
580- // }
585+ // JSONObject repeat = new AbstractParser(HEAD, true).parseResponse(
586+ // new JSONRequest(table, request)
587+ // );
588+ // repeat = repeat == null ? null : repeat.getJSONObject(table);
589+ // if (repeat == null) {
590+ // throw new Exception("服务器内部错误 verifyRepeat repeat == null");
591+ // }
592+ // if (repeat.getIntValue(JSONResponse.KEY_COUNT) > 0) {
593+ // throw new ConflictException(key + ": " + value + " 已经存在,不能重复!");
594+ // }
581595 }
582596
583597