fix(消息管理): 删除已读消息api存在IDOR漏洞

fit2cloud-chenyw 2023-05-15 14:13:01 +08:00
parent 96323624a4
commit 52b67a04df
2 changed files with 3 additions and 2 deletions


@ -29,9 +29,10 @@ public interface ExtSysMsgMapper {
"<foreach collection='msgIds' item='msgId' open='(' separator=',' close=')' >",
" #{msgId}",
"</foreach>",
" and user_id = #{uid} ",
"</script>"
})
int batchDelete(@Param("msgIds") List<Long> msgIds);
int batchDelete(@Param("msgIds") List<Long> msgIds, @Param("uid") Long uid);
int batchInsert(@Param("settings") List<SysMsgSetting> settings);
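Review bot: The added `and user_id = #{uid}` predicate is the only ownership check on this delete, and nothing at the statement says so. A comment above the annotation, such as `// uid scopes the delete to the caller's own messages; keep it unconditional (no <if> wrapper) so a null uid matches no rows`, would stop a later edit from making the filter optional and reopening the hole. The start of the statement is outside the hunk, so it is not visible whether the where clause contains an `or` that would need parentheses before this `and`. Other statements in ExtSysMsgMapper that accept message ids from the request presumably need the same scoping, though none is visible here.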


@ -109,7 +109,7 @@ public class SysMsgService {
}
public void batchDelete(List<Long> msgIds) {
extSysMsgMapper.batchDelete(msgIds);
extSysMsgMapper.batchDelete(msgIds, AuthUtils.getUser().getUserId());
}
public void save(SysMsg sysMsg) {
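Review bot: The row count returned by `extSysMsgMapper.batchDelete` is discarded in `SysMsgService.batchDelete`, so a request that names other users' message ids now deletes nothing and leaves no trace. Keeping the count, `int deleted = extSysMsgMapper.batchDelete(msgIds, uid);`, and logging a warning with the caller's id when it is lower than the number of distinct ids requested would give operations a signal that the endpoint is being probed. `AuthUtils.getUser()` is also dereferenced without a check. If it can return null outside an authenticated request (not visible here), resolve the user first and reject the call explicitly rather than let it fail with a NullPointerException.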