SQL注入 移动端考试管理修改

ibps-provider-root/modules/provider-business/src/main/java/com/lc/ibps/components/sqlzdy/Service/SwdlServiceImpl.java

@@ -272,6 +272,9 @@ public class SwdlServiceImpl extends GenericProvider implements SwdlService {
                 if(BeanUtils.isNotEmpty(param.get("examType"))){
                     stringObjectHashMap.put("examType",String.join(",", (ArrayList)param.get("examType")));
                 }
+                if(BeanUtils.isNotEmpty(param.get("paperState"))){
+                    stringObjectHashMap.put("paperState",String.join(",", (ArrayList)param.get("paperState")));
+                }
             }
         }
         return stringObjectHashMap;

ibps-provider-root/modules/provider-business/src/main/resources/com/lc/ibps/klimsibps/mapping/UpdateDataTableMapper.xml

@@ -477,7 +477,9 @@
         <if test="@o.Ognl@isNotEmpty(map.faBuShiJianLower)">
             AND a.limitDate <![CDATA[ <= ]]> #{map.limitDateLower}
         </if>
-            AND paperState='未开始'
+        <if test="@o.Ognl@isNotEmpty(map.paperState)">
+            AND FIND_IN_SET(a.paperState, #{map.paperState})
+        </if>
             AND examState='已发布'
         </where>
         ORDER BY startDate
@@ -512,7 +514,9 @@
             <if test="@o.Ognl@isNotEmpty(map.faBuShiJianLower)">
                 AND a.limitDate <![CDATA[ <= ]]> #{map.limitDateLower}
             </if>
-            AND paperState='未开始'
+            <if test="@o.Ognl@isNotEmpty(map.paperState)">
+                AND a.paperState = #{map.paperState}
+            </if>
             AND examState='已发布'
         </where>
     </select>