From fec73caa165bc53fd38562875c5b53acae085455 Mon Sep 17 00:00:00 2001
From: Administrator <15274802129@163.com>
Date: Wed, 21 May 2025 14:54:16 +0800
Subject: [PATCH] fix:修复会员查询 SQL 注入漏洞

---
 src/main/java/cc/mrbird/febs/mall/controller/ViewSystemController.java |   41 +++++++++++++++++++++++++++++++++++++++++
 1 files changed, 41 insertions(+), 0 deletions(-)

diff --git a/src/main/java/cc/mrbird/febs/mall/controller/ViewSystemController.java b/src/main/java/cc/mrbird/febs/mall/controller/ViewSystemController.java
index ff3fdea..6067990 100644
--- a/src/main/java/cc/mrbird/febs/mall/controller/ViewSystemController.java
+++ b/src/main/java/cc/mrbird/febs/mall/controller/ViewSystemController.java
@@ -1,6 +1,7 @@
 package cc.mrbird.febs.mall.controller;
 
 import cc.mrbird.febs.common.entity.FebsConstant;
+import cc.mrbird.febs.common.enumerates.CommonDictionaryEnum;
 import cc.mrbird.febs.common.enumerates.DataDictionaryEnum;
 import cc.mrbird.febs.common.utils.FebsUtil;
 import cc.mrbird.febs.mall.dto.*;
@@ -99,4 +100,44 @@
         model.addAttribute("indexVideoSet", adminIndexVideoDto);
         return FebsUtil.view("modules/system/indexVideo");
     }
+
+    @GetMapping("indexPng")
+    @RequiresPermissions("indexPng:update")
+    public String indexPngSet(Model model) {;
+        AdminIndexVideoDto adminIndexVideoDto = new AdminIndexVideoDto();
+//        DataDictionaryCustom pngDic = dataDictionaryCustomMapper.selectDicDataByTypeAndCode(
+//                CommonDictionaryEnum.PNG_URL_INDEX.getType(),
+//                CommonDictionaryEnum.PNG_URL_INDEX.getCode())
+//        if (ObjectUtil.isNotEmpty(pngDic)) {
+//            adminIndexVideoDto.setPngUrl(pngDic.getValue());
+//        }
+        DataDictionaryCustom timeDic = dataDictionaryCustomMapper.selectDicDataByTypeAndCode(
+                CommonDictionaryEnum.TIME_URL_INDEX.getType(),
+                CommonDictionaryEnum.TIME_URL_INDEX.getCode());
+        if (ObjectUtil.isNotEmpty(timeDic)) {
+            adminIndexVideoDto.setTimeStop(timeDic.getValue());
+        }
+        model.addAttribute("adminIndexVideoDto", adminIndexVideoDto);
+        return FebsUtil.view("modules/system/indexPng");
+    }
+
+
+
+    @GetMapping("faPiao")
+    @RequiresPermissions("faPiao:update")
+    public String faPiao(Model model) {
+        FaPiaoDto faPiaoDto = new FaPiaoDto();
+        DataDictionaryCustom dic = dataDictionaryCustomMapper.selectDicDataByTypeAndCode(DataDictionaryEnum.FP_CALLBACK_URL.getType(),
+                DataDictionaryEnum.FP_CALLBACK_URL.getCode());
+        if (dic != null) {
+            faPiaoDto.setCallbackUrl(dic.getValue());
+        }
+        model.addAttribute("faPiaoDto", faPiaoDto);
+        return FebsUtil.view("modules/system/faPiao");
+    }
+
+    @GetMapping("vipCenterSetting")
+    public String vipCenterSetting() {
+        return FebsUtil.view("modules/system/vipCenterSetting");
+    }
 }
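Review bot: `vipCenterSetting` is mapped with `@GetMapping("vipCenterSetting")` but has no `@RequiresPermissions`, while the two handlers added just above it (`indexPngSet` and `faPiao`) each declare one. Unless a class-level annotation or the security filter configuration already restricts this path (the class header is outside the hunk), the system-settings view is reachable by any logged-in account. I would add a matching check such as `@RequiresPermissions("<vipCenterSetting permission key>")`, where the key is a placeholder to be taken from the project's permission table, and confirm that the endpoints the page calls to load or save settings enforce the same permission. Separately, `public String indexPngSet(Model model) {;` carries a stray `;`, and the commented-out `pngDic` block should be deleted rather than committed. The subject line describes a SQL injection fix in member queries, but the visible change only adds three view handlers, so the fix itself may be missing from this patch.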

--
Gitblit v1.9.1