
深圳三院SQL注入修改-新加接口

gaozl 11 месяцев назад
Родитель
Сommit
0e47979d93

+ 18 - 2
ibps-provider-root/modules/provider-business/src/main/java/com/lc/ibps/business/service/impl/ReformServiceImpl.java

@@ -160,7 +160,14 @@ public class ReformServiceImpl implements ReformService {
                 " WHEN file.total_bytes_ >= 1024 THEN CONCAT(ROUND(file.total_bytes_ / 1024.0, 2), ' K')" +
                 " ELSE CONCAT(file.total_bytes_, 'B') END ,')') as file_info_," +
                 " wj.wen_jian_xi_lei_,wj.wen_jian_bian_hao,wj.wen_jian_ming_che,wj.ban_ben_,wj.wen_jian_fu_jian_ AS fu_jian_," +
-                " wj.fa_bu_shi_jian_ as fa_fang_shi_jian_,'' AS cha_yue_jie_zhi_s  from t_wjxxb wj " +
+                " wj.fa_bu_shi_jian_ as fa_fang_shi_jian_,'' AS cha_yue_jie_zhi_s, " +
+                " wj.shi_fou_guo_shen_ AS shi_fou_guo_shen_, wj.bian_zhi_bu_men_ AS bian_zhi_bu_men_," +
+                " wj.bian_zhi_ren_ AS bian_zhi_ren_," +
+                " wj.bian_zhi_shi_jian AS bian_zhi_shi_jian," +
+                " wj.wen_jian_lei_xing AS wen_jian_lei_xing," +
+                " wj.quan_xian_lei_xin AS quan_xian_lei_xin," +
+                " wj.fa_bu_shi_jian_ AS fa_bu_shi_jian_," +
+                " wj.poct_shi_yong_ AS shi_yong_bu_men_  from t_wjxxb wj " +
                 " left join (select id_,parent_id_ from t_wjcyjl group by parent_id_) cy on cy.parent_id_ = wj.id_ " +
                 " left join (select id_,parent_id_ from t_wjscjl group by parent_id_) sc on sc.parent_id_ = wj.id_ " +
                 " left join ibps_file_attachment file on file.id_ = wj.wen_jian_fu_jian_";
@@ -194,7 +201,16 @@ public class ReformServiceImpl implements ReformService {
         String sxsql = "select wj.id_ as id,cy.id_ as cy_id_,sc.id_ as sc_id_,wj.shu_ju_lai_yuan_ AS shu_ju_lai_yuan_,file.ext_ AS ext_,file.FILE_PATH_ AS file_path_," +
                 "  CONCAT(file.file_name_, '.', file.ext_, '(',CASE WHEN file.total_bytes_ >= 1024 * 1024 THEN CONCAT(ROUND(file.total_bytes_ / (1024.0 * 1024), 2), ' M') " +
                 "  WHEN file.total_bytes_ >= 1024 THEN CONCAT(ROUND(file.total_bytes_ / 1024.0, 2), ' K') ELSE CONCAT(file.total_bytes_, 'B') END , ')') as file_info_," +
-                "  wj.wen_jian_xi_lei_,wj.wen_jian_bian_hao,wj.wen_jian_ming_che,wj.ban_ben_,wj.wen_jian_fu_jian_ AS fu_jian_,wj.fa_bu_shi_jian_ as fa_fang_shi_jian_,sq.cha_yue_jie_zhi_s FROM t_wjxxb wj " +
+                "  wj.wen_jian_xi_lei_,wj.wen_jian_bian_hao,wj.wen_jian_ming_che,wj.ban_ben_,wj.wen_jian_fu_jian_ AS fu_jian_,wj.fa_bu_shi_jian_ as fa_fang_shi_jian_,sq.cha_yue_jie_zhi_s, " +
+                "  wj.fa_bu_shi_jian_ as fa_fang_shi_jian_,'' AS cha_yue_jie_zhi_s, " +
+                "  wj.shi_fou_guo_shen_ AS shi_fou_guo_shen_, wj.bian_zhi_bu_men_ AS bian_zhi_bu_men_, " +
+                "  wj.bian_zhi_ren_ AS bian_zhi_ren_, " +
+                "  wj.bian_zhi_shi_jian AS bian_zhi_shi_jian, " +
+                "  wj.wen_jian_lei_xing AS wen_jian_lei_xing, " +
+                "  wj.quan_xian_lei_xin AS quan_xian_lei_xin, " +
+                "  wj.fa_bu_shi_jian_ AS fa_bu_shi_jian_,  " +
+                "  wj.poct_shi_yong_ AS shi_yong_bu_men_ " +
+                " FROM t_wjxxb wj " +
                 "  LEFT JOIN (SELECT * FROM t_skwjcysqsqzb WHERE parent_id_ in (SELECT id_ from t_skwjcysqsq WHERE shi_fou_guo_shen_='已完成' and bian_zhi_ren_='%s')) sq ON wj.id_ = sq.wen_jian_id_ " +
                 "  left join (select id_,parent_id_ from t_wjcyjl group by parent_id_) cy on cy.parent_id_ = wj.id_ " +
                 "  left join (select id_,parent_id_ from t_wjscjl group by parent_id_) sc on sc.parent_id_ = wj.id_ " +
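Review bot: The `sxsql` query still carries `bian_zhi_ren_='%s'` in its first LEFT JOIN (an unchanged context line), so that value is spliced into the SQL text rather than bound, and the SQL-injection fix named in the commit title does not cover this statement; how `%s` is filled is not visible here, presumably a `String.format` call further down. It should become a bound parameter, `bian_zhi_ren_ = ?`, passed through whatever parameterized query call the data layer provides, with a comment such as `// bian_zhi_ren_ is bound, never formatted into the SQL text` to keep it that way. Separately, the added line `wj.fa_bu_shi_jian_ as fa_fang_shi_jian_,'' AS cha_yue_jie_zhi_s,` repeats two labels that the preceding line already selects, so the empty literal may shadow `sq.cha_yue_jie_zhi_s` when rows are read by column label; it looks copied from the first query and should be dropped. The `sxsql` concatenation continues past the end of the hunk and the enclosing method starts before it.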