Skip to content

Commit 4dc97ed

Browse files
TommyLemonTommyLemon
committed
Server:GETS和HEADS请求也不允许传@combine,避免可能绕过Request表里的规则校验
1 parent fb555e2 commit 4dc97ed

File tree

1 file changed

+4
-2
lines changed

1 file changed

+4
-2
lines changed

APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,8 @@
2727
import static zuo.biao.apijson.JSONObject.KEY_USER_ID_IN;
2828
import static zuo.biao.apijson.RequestMethod.DELETE;
2929
import static zuo.biao.apijson.RequestMethod.GET;
30+
import static zuo.biao.apijson.RequestMethod.GETS;
31+
import static zuo.biao.apijson.RequestMethod.HEADS;
3032
import static zuo.biao.apijson.RequestMethod.POST;
3133
import static zuo.biao.apijson.RequestMethod.PUT;
3234
import static zuo.biao.apijson.SQL.AND;
@@ -1364,8 +1366,8 @@ public static AbstractSQLConfig newSQLConfig(RequestMethod method, String table,
13641366

13651367
String[] ws = StringUtil.split(combine);
13661368
if (ws != null) {
1367-
if (method == DELETE) {
1368-
throw new IllegalArgumentException("DELETE请求不允许传 @combine:\"conditons\" !");
1369+
if (method == DELETE || method == GETS || method == HEADS) {
1370+
throw new IllegalArgumentException("DELETE,GETS,HEADS 请求不允许传 @combine:\"conditons\" !");
13691371
}
13701372
whereList = new ArrayList<>();
13711373

0 commit comments

Comments
 (0)