定时任务目标字符串过滤特殊字符
This commit is contained in:
parent
db4c2d3dd5
commit
578d65dfb4
@ -142,16 +142,16 @@ public class Constants
|
|||||||
/**
|
/**
|
||||||
* RMI 远程方法调用
|
* RMI 远程方法调用
|
||||||
*/
|
*/
|
||||||
public static final String LOOKUP_RMI = "rmi://";
|
public static final String LOOKUP_RMI = "rmi:";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* LDAP 远程方法调用
|
* LDAP 远程方法调用
|
||||||
*/
|
*/
|
||||||
public static final String LOOKUP_LDAP = "ldap://";
|
public static final String LOOKUP_LDAP = "ldap:";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 定时任务违规的字符
|
* 定时任务违规的字符
|
||||||
*/
|
*/
|
||||||
public static final String[] JOB_ERROR_STR = { "java.net.URL", "javax.naming.InitialContext", "org.yaml.snakeyaml",
|
public static final String[] JOB_ERROR_STR = { "java.net.URL", "javax.naming.InitialContext", "org.yaml.snakeyaml",
|
||||||
"org.springframework.jndi" };
|
"org.springframework" };
|
||||||
}
|
}
|
@ -87,11 +87,11 @@ public class SysJobController extends BaseController
|
|||||||
}
|
}
|
||||||
else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_RMI))
|
else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_RMI))
|
||||||
{
|
{
|
||||||
return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'rmi://'调用");
|
return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'rmi'调用");
|
||||||
}
|
}
|
||||||
else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_LDAP))
|
else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_LDAP))
|
||||||
{
|
{
|
||||||
return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'ldap://'调用");
|
return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'ldap'调用");
|
||||||
}
|
}
|
||||||
else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS }))
|
else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS }))
|
||||||
{
|
{
|
||||||
@ -119,11 +119,11 @@ public class SysJobController extends BaseController
|
|||||||
}
|
}
|
||||||
else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_RMI))
|
else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_RMI))
|
||||||
{
|
{
|
||||||
return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'rmi://'调用");
|
return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'rmi'调用");
|
||||||
}
|
}
|
||||||
else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_LDAP))
|
else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_LDAP))
|
||||||
{
|
{
|
||||||
return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'ldap://'调用");
|
return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'ldap'调用");
|
||||||
}
|
}
|
||||||
else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS }))
|
else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS }))
|
||||||
{
|
{
|
||||||
|
Loading…
Reference in New Issue
Block a user