From 227628567354d3c156951009d683c6fec3006e0e Mon Sep 17 00:00:00 2001
From: "xueli.xue"
Date: Fri, 30 Oct 2020 14:49:45 +0800
Subject: [PATCH] =?UTF-8?q?=E8=B0=83=E5=BA=A6=E4=B8=AD=E5=BF=83=E9=A1=B5?= =?UTF-8?q?=E9=9D=A2=E4=BA=A4=E4=BA=92=E4=BC=98=E5=8C=96=EF=BC=9A=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E7=AE=A1=E7=90=86=E6=A8=A1=E5=9D=97=E5=AF=86=E7=A0=81?= =?UTF-8?q?=E5=88=97=E5=8F=96=E6=B6=88=EF=BC=9B=E5=A4=9A=E5=A4=84=E8=A1=A8?= =?UTF-8?q?=E8=BE=BEautocomplete=E5=8F=96=E6=B6=88=EF=BC=9B=E6=89=A7?= =?UTF-8?q?=E8=A1=8C=E5=99=A8=E7=AE=A1=E7=90=86=E6=A8=A1=E5=9D=97XSS?= =?UTF-8?q?=E6=8B=A6=E6=88=AA=E6=A0=A1=E9=AA=8C=E7=AD=89=EF=BC=9B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 doc/XXL-JOB官方文档.md | 2 ++
 .../xxl/job/admin/controller/JobGroupController.java | 10 ++++++++++
 .../com/xxl/job/admin/controller/UserController.java | 7 +++++++
 .../src/main/resources/static/js/user.index.1.js | 2 +-
 .../resources/templates/jobgroup/jobgroup.index.ftl | 4 ++--
 .../main/resources/templates/jobinfo/jobinfo.index.ftl | 6 +++---
 6 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/doc/XXL-JOB官方文档.md b/doc/XXL-JOB官方文档.md
index 549192b7..56f33b3f 100644
--- a/doc/XXL-JOB官方文档.md
+++ b/doc/XXL-JOB官方文档.md
@@ -2062,9 +2062,11 @@ data: post-data
 - 16、调度中心组件加载顺序优化,修复极端情况下调度组件初始慢导致的调度失败问题;
 - 17、执行器注册线程优化,修复极端情况下初始化失败时导致NPE问题;
 - 18、执行器Commandhandler示例任务优化,修复极端情况下脚本进程挂起问题;
+- 19、调度中心页面交互优化:用户管理模块密码列取消;多处表达autocomplete取消;执行器管理模块XSS拦截校验等;
 - 19、[ING]任务触发参数优化:支持选择 "Cron触发"、"固定间隔时间触发"、"指定时间点触发"、"不选择" 等;
 - 20、[ING]任务 misfire 策略:忽略、补偿一次、补偿最近10次……等;
 - 21、[规划中]执行器注册,异步写入;
+- 22、[规划中]默认开启访问令牌鉴权;
 ### 7.32 版本 v2.3.0 Release Notes[规划中]
diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/JobGroupController.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/JobGroupController.java
index 484d5ba5..4bb4b90a 100644
--- a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/JobGroupController.java
+++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/JobGroupController.java
@@ -68,13 +68,23 @@ public class JobGroupController {
 if (xxlJobGroup.getAppname().length()<4 || xxlJobGroup.getAppname().length()>64) {
 return new ReturnT(500, I18nUtil.getString("jobgroup_field_appname_length") );
 }
+ if (xxlJobGroup.getAppname().contains(">") || xxlJobGroup.getAppname().contains("<")) {
+ return new ReturnT(500, "AppName"+I18nUtil.getString("system_unvalid") );
+ }
 if (xxlJobGroup.getTitle()==null || xxlJobGroup.getTitle().trim().length()==0) {
 return new ReturnT(500, (I18nUtil.getString("system_please_input") + I18nUtil.getString("jobgroup_field_title")) );
 }
+ if (xxlJobGroup.getTitle().contains(">") || xxlJobGroup.getTitle().contains("<")) {
+ return new ReturnT(500, I18nUtil.getString("jobgroup_field_title")+I18nUtil.getString("system_unvalid") );
+ }
 if (xxlJobGroup.getAddressType()!=0) {
 if (xxlJobGroup.getAddressList()==null || xxlJobGroup.getAddressList().trim().length()==0) {
 return new ReturnT(500, I18nUtil.getString("jobgroup_field_addressType_limit") );
 }
+ if (xxlJobGroup.getAddressList().contains(">") || xxlJobGroup.getAddressList().contains("<")) {
+ return new ReturnT(500, I18nUtil.getString("jobgroup_field_registryList")+I18nUtil.getString("system_unvalid") );
+ }
+
 String[] addresss = xxlJobGroup.getAddressList().split(",");
 for (String item: addresss) {
 if (item==null || item.trim().length()==0) {
diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java
index 573ffccf..3f4c7559 100644
--- a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java
+++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java
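Review bot: The three new `contains(">") || contains("<")` checks in JobGroupController (AppName, title, address list) are an input denylist, so they only help where these values are later written into an HTML text context; a value rendered into an attribute or script context does not need angle brackets to alter the markup, and rows stored before this change are not re-validated. Output encoding at the point of rendering should remain the primary control, and a comment above the first check such as `// denylist is defence in depth only; views must still HTML-escape appname/title/addressList` would make that explicit. For AppName an allowlist is tighter if existing names permit it, for example `if (!xxlJobGroup.getAppname().matches("[A-Za-z0-9_.-]+")) { ... }`. The enclosing method starts and ends outside the hunk, so whether the controller's other write paths apply the same validation cannot be confirmed from here.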
@@ -56,6 +56,13 @@ public class UserController {
 List list = xxlJobUserDao.pageList(start, length, username, role);
 int list_count = xxlJobUserDao.pageListCount(start, length, username, role);
+ // filter
+ if (list!=null && list.size()>0) {
+ for (XxlJobUser item: list) {
+ item.setPassword(null);
+ }
+ }
+
 // package result
 Map maps = new HashMap();
 maps.put("recordsTotal", list_count); // 总记录数
diff --git a/xxl-job-admin/src/main/resources/static/js/user.index.1.js b/xxl-job-admin/src/main/resources/static/js/user.index.1.js
index 804640ea..48d3f302 100644
--- a/xxl-job-admin/src/main/resources/static/js/user.index.1.js
+++ b/xxl-job-admin/src/main/resources/static/js/user.index.1.js
@@ -33,7 +33,7 @@ $(function() {
 },
 {
 "data": 'password',
- "visible" : true,
+ "visible" : false,
 "width":'20%',
 "render": function ( data, type, row ) {
 return '*********';
diff --git a/xxl-job-admin/src/main/resources/templates/jobgroup/jobgroup.index.ftl b/xxl-job-admin/src/main/resources/templates/jobgroup/jobgroup.index.ftl
index 05a6de19..778df9ec 100644
--- a/xxl-job-admin/src/main/resources/templates/jobgroup/jobgroup.index.ftl
+++ b/xxl-job-admin/src/main/resources/templates/jobgroup/jobgroup.index.ftl
@@ -28,13 +28,13 @@
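Review bot: Clearing the stored password with `item.setPassword(null)` inside this one UserController handler protects only this response; any other code path that serialises an `XxlJobUser` would still expose the field, and the value is still read from the database by `pageList`. Excluding it at the source is more robust: drop the column from the query behind `xxlJobUserDao.pageList`, or, if the response is serialised by Jackson, mark the entity field `@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)`. The `list.size()>0` test is also redundant because the for-each does nothing on an empty list, so `if (list != null) {` is enough. The handler body starts and ends outside the hunk.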
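Review bot: Setting `"visible" : false` in user.index.1.js only hides the column in the browser; the definition is still bound to `"data": 'password'`, so the table keeps depending on that key being present in every row of the response. Since the renderer already returns a fixed mask, the whole column object could be removed; if it is kept for layout and this is a DataTables column definition, adding `"defaultContent": ''` avoids a warning when the key is absent from the JSON. The column definition continues outside the hunk.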
AppName - +
${I18n.jobgroup_field_title} - +
diff --git a/xxl-job-admin/src/main/resources/templates/jobinfo/jobinfo.index.ftl b/xxl-job-admin/src/main/resources/templates/jobinfo/jobinfo.index.ftl
index 0fdf2239..0e39c2a6 100644
--- a/xxl-job-admin/src/main/resources/templates/jobinfo/jobinfo.index.ftl
+++ b/xxl-job-admin/src/main/resources/templates/jobinfo/jobinfo.index.ftl
@@ -46,17 +46,17 @@
- +
- +
- +