修复mybatis安全漏洞

master
zengwh 4 years ago
parent 4ca7a4b017
commit a0dedc0c0a

@ -21,8 +21,8 @@
<!-- begin 其它第三方开源版本定义 --> <!-- begin 其它第三方开源版本定义 -->
<jdk.version>1.8</jdk.version> <jdk.version>1.8</jdk.version>
<spring.version>5.0.2.RELEASE</spring.version> <spring.version>5.0.2.RELEASE</spring.version>
<mybatis.spring.version>1.2.2</mybatis.spring.version> <mybatis.spring.version>1.3.2</mybatis.spring.version>
<mybatis.version>3.2.8</mybatis.version> <mybatis.version>3.5.7</mybatis.version>
<mssql.version>7.4.1.jre8</mssql.version> <mssql.version>7.4.1.jre8</mssql.version>
<druid.version>1.1.22</druid.version> <druid.version>1.1.22</druid.version>
<shiro.version>1.2.5</shiro.version> <shiro.version>1.2.5</shiro.version>

@ -34,7 +34,7 @@ public class Emr_Type {
} }
public void setTypeFlag(String typeFlag) { public void setTypeFlag(String typeFlag) {
this.typeFlag = typeFlag == null ? null : typeFlag.trim(); this.typeFlag = typeFlag;
} }
public String getTypeName() { public String getTypeName() {
@ -42,7 +42,7 @@ public class Emr_Type {
} }
public void setTypeName(String typeName) { public void setTypeName(String typeName) {
this.typeName = typeName == null ? null : typeName.trim(); this.typeName = typeName;
} }
public Integer getSelectFlag() { public Integer getSelectFlag() {
@ -74,7 +74,7 @@ public class Emr_Type {
} }
public void setCreater(String creater) { public void setCreater(String creater) {
this.creater = creater == null ? null : creater.trim(); this.creater = creater;
} }
public String getCreateTime() { public String getCreateTime() {
@ -82,7 +82,7 @@ public class Emr_Type {
} }
public void setCreateTime(String createTime) { public void setCreateTime(String createTime) {
this.createTime = createTime == null ? null : createTime.trim(); this.createTime = createTime;
} }
public String getUpdater() { public String getUpdater() {
@ -90,7 +90,7 @@ public class Emr_Type {
} }
public void setUpdater(String updater) { public void setUpdater(String updater) {
this.updater = updater == null ? null : updater.trim(); this.updater = updater;
} }
public String getUpdateTime() { public String getUpdateTime() {
@ -98,6 +98,6 @@ public class Emr_Type {
} }
public void setUpdateTime(String updateTime) { public void setUpdateTime(String updateTime) {
this.updateTime = updateTime == null ? null : updateTime.trim(); this.updateTime = updateTime;
} }
} }
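Review bot: Dropping `trim()` from the setters means values now reach the entity exactly as the driver returns them, and the Emr_Type result map later on this page still maps `create_time` and `update_time` as `NCHAR`, a fixed-width type that is normally space-padded. If those columns are wider than the stored value, `getCreateTime()` and `getUpdateTime()` may now return padded strings, and equality checks or date parsing on them could start failing after this commit. Either keep the null-safe trim on the fixed-width fields, e.g. `this.createTime = createTime == null ? null : createTime.trim();`, or add a comment on the setters saying why normalisation was removed alongside the MyBatis upgrade. The same edit is repeated in setTypeFlag, setTypeName, setCreater, setUpdater and setUpdateTime.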

@ -113,7 +113,8 @@ public class EmrTypeServiceImpl implements EmrTypeService {
@Override @Override
public Emr_Type selectByPrimaryKey(Integer id) { public Emr_Type selectByPrimaryKey(Integer id) {
return emrTypeMapper.selectByPrimaryKey(id); Emr_Type emr_type = emrTypeMapper.selectByPrimaryKey(id);
return emr_type;
} }
@Override @Override
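Review bot: The new local `emr_type` in selectByPrimaryKey is assigned and returned immediately, so it adds no behaviour and reads like a leftover debugging hook in a commit that is otherwise a dependency security fix. If the variable is kept for a breakpoint or a later null check, name it in lowerCamelCase, `Emr_Type emrType = emrTypeMapper.selectByPrimaryKey(id);`, and say in a comment what it is for. The class continues outside this hunk.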

@ -5,4 +5,6 @@
#2.0.3 2021-12-23 #2.0.3 2021-12-23
修改常用查询删除查询条件内容不能查询全部的bug 修改常用查询删除查询条件内容不能查询全部的bug
#2.0.4 2022-01-05 #2.0.4 2022-01-05
解决xp系统使用病案预览全屏按钮点击失效问题 解决xp系统使用病案预览全屏按钮点击失效问题
#2.0.5 2022-01-14
升级mybatis安全漏洞3.2.8->3.5.7、mybatis-spring1.2.2->1.3.2

@ -13,7 +13,7 @@
<result column="gb_code" property="gbCode" jdbcType="NCHAR" /> <result column="gb_code" property="gbCode" jdbcType="NCHAR" />
<result column="flag" property="flag" jdbcType="SMALLINT" /> <result column="flag" property="flag" jdbcType="SMALLINT" />
<result column="c_comment" property="cComment" jdbcType="NVARCHAR" /> <result column="c_comment" property="cComment" jdbcType="NVARCHAR" />
<result column="parent_id" property="parentId" jdbcType="NVARCHAR" /> <result column="parent_id" property="parentId" jdbcType="VARCHAR" />
<result column="effective" property="effective" jdbcType="INTEGER" /> <result column="effective" property="effective" jdbcType="INTEGER" />
<result column="updater" property="updater" jdbcType="NVARCHAR" /> <result column="updater" property="updater" jdbcType="NVARCHAR" />
<result column="update_time" property="updateTime" jdbcType="NCHAR" /> <result column="update_time" property="updateTime" jdbcType="NCHAR" />
@ -196,7 +196,7 @@
emr_dictionary.c_comment, emr_dictionary.c_comment,
case case
when emr_dictionary.parent_id = '0' then emr_dictionary.parent_id when emr_dictionary.parent_id = '0' then emr_dictionary.parent_id
else emr_dictionary1.id else convert(varchar(3000),emr_dictionary1.id)
end parent_id, end parent_id,
emr_dictionary.effective, emr_dictionary.effective,
emr_dictionary.remark, emr_dictionary.remark,
@ -210,7 +210,7 @@
END newName, END newName,
case case
when emr_dictionary.parent_id = '0' then emr_dictionary.parent_id when emr_dictionary.parent_id = '0' then emr_dictionary.parent_id
else emr_dictionary1.id else convert(varchar(3000),emr_dictionary1.id)
end newParentId end newParentId
FROM FROM
emr_dictionary emr_dictionary
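Review bot: Only `parent_id` is switched from `NVARCHAR` to `VARCHAR` in this result map, while `c_comment` and `updater` stay `NVARCHAR`, and the commit gives no reason for the split. The same selective change appears in the two later mapper sections (`apply_state`/`approve_state`, and `type_flag`/`type_name`/`creater`/`updater`). If this compensates for a change in how the upgraded MyBatis reads national-character types (an inference, the page does not say), the columns left as `NVARCHAR`/`NCHAR` should also be checked against the real column types, otherwise the failure just moves to another field at runtime. A mapper comment such as `<!-- jdbcType must match the column's DDL type; verified after the MyBatis upgrade -->` would record the rule. The `convert(varchar(3000), emr_dictionary1.id)` in both CASE expressions is also far wider than an id needs.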

@ -9,10 +9,10 @@
<result column="effe_days" property="effeDays" jdbcType="INTEGER"/> <result column="effe_days" property="effeDays" jdbcType="INTEGER"/>
<result column="apply_type" property="applyType" jdbcType="NVARCHAR"/> <result column="apply_type" property="applyType" jdbcType="NVARCHAR"/>
<result column="apply_reason" property="applyReason" jdbcType="NVARCHAR"/> <result column="apply_reason" property="applyReason" jdbcType="NVARCHAR"/>
<result column="apply_state" property="applyState" jdbcType="NVARCHAR"/> <result column="apply_state" property="applyState" jdbcType="VARCHAR"/>
<result column="approver" property="approver" jdbcType="NVARCHAR"/> <result column="approver" property="approver" jdbcType="NVARCHAR"/>
<result column="approve_time" property="approveTime" jdbcType="NCHAR"/> <result column="approve_time" property="approveTime" jdbcType="NCHAR"/>
<result column="approve_state" property="approveState" jdbcType="NVARCHAR"/> <result column="approve_state" property="approveState" jdbcType="VARCHAR"/>
<result column="approve_notes" property="approveNotes" jdbcType="NVARCHAR"/> <result column="approve_notes" property="approveNotes" jdbcType="NVARCHAR"/>
<result column="patient_id" property="patientId" jdbcType="VARCHAR"/> <result column="patient_id" property="patientId" jdbcType="VARCHAR"/>
<result column="admiss_id" property="admissId" jdbcType="CHAR"/> <result column="admiss_id" property="admissId" jdbcType="CHAR"/>

@ -195,8 +195,8 @@
emr_lock.unlocker, emr_lock.unlocker,
emr_lock.unlocke_time, emr_lock.unlocke_time,
commomtable.name, commomtable.name,
commomtable.admiss_times, emr_lock.admiss_times,
commomtable.inpatient_no emr_lock.inpatient_no
FROM FROM
emr_lock emr_lock
LEFT JOIN commomtable ON emr_lock.patient_id = commomtable.patient_id LEFT JOIN commomtable ON emr_lock.patient_id = commomtable.patient_id

@ -3,14 +3,14 @@
<mapper namespace="com.emr.dao.recordType.Emr_TypeMapper" > <mapper namespace="com.emr.dao.recordType.Emr_TypeMapper" >
<resultMap id="BaseResultMap" type="com.emr.entity.recordType.Emr_Type" > <resultMap id="BaseResultMap" type="com.emr.entity.recordType.Emr_Type" >
<id column="id" property="id" jdbcType="INTEGER" /> <id column="id" property="id" jdbcType="INTEGER" />
<result column="type_flag" property="typeFlag" jdbcType="NVARCHAR" /> <result column="type_flag" property="typeFlag" jdbcType="VARCHAR" />
<result column="type_name" property="typeName" jdbcType="NVARCHAR" /> <result column="type_name" property="typeName" jdbcType="VARCHAR" />
<result column="select_flag" property="selectFlag" jdbcType="INTEGER" /> <result column="select_flag" property="selectFlag" jdbcType="INTEGER" />
<result column="effective" property="effective" jdbcType="INTEGER" /> <result column="effective" property="effective" jdbcType="INTEGER" />
<result column="type_sort" property="typeSort" jdbcType="INTEGER" /> <result column="type_sort" property="typeSort" jdbcType="INTEGER" />
<result column="creater" property="creater" jdbcType="NVARCHAR" /> <result column="creater" property="creater" jdbcType="VARCHAR" />
<result column="create_time" property="createTime" jdbcType="NCHAR" /> <result column="create_time" property="createTime" jdbcType="NCHAR" />
<result column="updater" property="updater" jdbcType="NVARCHAR" /> <result column="updater" property="updater" jdbcType="VARCHAR" />
<result column="update_time" property="updateTime" jdbcType="NCHAR" /> <result column="update_time" property="updateTime" jdbcType="NCHAR" />
</resultMap> </resultMap>
<sql id="Base_Column_List" > <sql id="Base_Column_List" >

@ -519,7 +519,7 @@
}); });
}); });
</script> </script>
<script src="${path}/static/js/approveManage/collection/collectManage174.js?t=2019-11-20"></script> <script src="${path}/static/js/approveManage/collection/collectManage174.js?t=2022-01-14"></script>
<script src="${path}/static/js/approveManage/approveList/approveDateCommmomMethod.js"></script> <script src="${path}/static/js/approveManage/approveList/approveDateCommmomMethod.js"></script>
<script src="${path}/static/js/approveManage/approveList/approveSaveCommomMethodBlood.js"></script> <script src="${path}/static/js/approveManage/approveList/approveSaveCommomMethodBlood.js"></script>
<script src="${path}/static/js/dateUtil.js"></script> <script src="${path}/static/js/dateUtil.js"></script>

@ -69,7 +69,11 @@ $('#mytab').bootstrapTable({
title:'出院日期', title:'出院日期',
field:'disTime', field:'disTime',
formatter: function(value,row,index){ formatter: function(value,row,index){
return covertDate(value); if(value != '') {
return covertDate(value);
}else{
return value;
}
} }
}, },
{ {
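Review bot: The new guard `value != ''` in the `disTime` formatter still lets `null` and `undefined` through to `covertDate`, because the loose comparison of either with an empty string is true. A row whose discharge date is serialised as `null` would therefore take the same path the guard is meant to avoid. A truthiness check covers all three cases: `return value ? covertDate(value) : value;`. The enclosing bootstrapTable column list starts and ends outside this hunk.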
