积分服务页面限制15有漏洞

e5bc2772 · guojuxing · 4623fda7 · e5bc2772
Commit e5bc2772 authored Jun 29, 2021 by guojuxing
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 6 deletions

AppletCustomPageApiServiceImpl.java ...se/service/outer/impl/AppletCustomPageApiServiceImpl.java +13 -6

No files found.
--- a/gic-platform-enterprise-service/src/main/java/com/gic/enterprise/service/outer/impl/AppletCustomPageApiServiceImpl.java
+++ b/gic-platform-enterprise-service/src/main/java/com/gic/enterprise/service/outer/impl/AppletCustomPageApiServiceImpl.java
@@ -97,12 +97,7 @@ public class AppletCustomPageApiServiceImpl implements AppletCustomPageApiServic
        //设置人群的页面
        if (AppletPageTypeEnum.needCrowdWidget(pageType)) {
            //如果是积分服务页面并且是保存并发布，则校验，不能超过15条
-            if (pageType == AppletPageTypeEnum.INTEGRAL_SERVICE.getCode() && saveType == 1) {
-                List<TabAppletCustomPage> integralServiceList = getPageListByAppId(enterpriseId, appType, appId, AppletPageTypeEnum.INTEGRAL_SERVICE.getCode());
-                if (integralServiceList != null && integralServiceList.size() >= 15) {
-                    throw new CommonException(ErrorCode.PARAMETER_ERROR.getCode(), "积分服务页面只能卡其15个");
-                }
-            }
+            validIntegralServicePageNum(pageType, saveType, enterpriseId, appType, appId);

            Long crowdWidgetId = jsonObject.getLong("crowdWidgetId");
            record.setCrowdWidgetId(crowdWidgetId);
@@ -422,6 +417,8 @@ public class AppletCustomPageApiServiceImpl implements AppletCustomPageApiServic
            appletCustomPageService.disableFetch(record.getEnterpriseId(), record.getAppType(), record.getAppId(),
                    record.getPageType());
        }
+        validIntegralServicePageNum(record.getPageType(), 1, record.getEnterpriseId(), record.getAppType(), record.getAppId());
+
        appletCustomPageService.updateStatus(pageId, 1);
        return ServiceResponse.success(record.getTitle());
    }
@@ -543,4 +540,14 @@ public class AppletCustomPageApiServiceImpl implements AppletCustomPageApiServic
        return record;
    }

+    private void validIntegralServicePageNum(Integer pageType, Integer saveType, Integer enterpriseId, Integer appType, String appId) {
+        //如果是积分服务页面并且是保存并发布，则校验，不能超过15条
+        if (pageType == AppletPageTypeEnum.INTEGRAL_SERVICE.getCode() && saveType == 1) {
+            List<TabAppletCustomPage> integralServiceList = getPageListByAppId(enterpriseId, appType, appId, AppletPageTypeEnum.INTEGRAL_SERVICE.getCode());
+            if (integralServiceList != null && integralServiceList.size() >= 15) {
+                throw new CommonException(ErrorCode.PARAMETER_ERROR.getCode(), "积分服务页面只能卡其15个");
+            }
+        }
+    }
+
 }