tj

9819e7b1 · 宋毅 · 02d48c44 · 9819e7b1
Commit 9819e7b1 authored May 25, 2020 by 宋毅
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 1 deletions

igirl-channel-web/app/base/controller/impl/trademark/tmqueryCtl.js
+9 -1

No files found.
--- a/igirl-channel-web/app/base/controller/impl/trademark/tmqueryCtl.js
+++ b/igirl-channel-web/app/base/controller/impl/trademark/tmqueryCtl.js
@@ -42,6 +42,13 @@ class tmqueryCtl extends CtlBase {
      if (!pobj.actionBody) {
        return system.getResult(null, "actionBody不能为空");
      }
+      if (pobj.requrl && pobj.requrl.indexOf('|') >= 0) {
+        return system.getResult(null, "非法请求！");
+      }
+      var tmpReqUrl = pobj.requrl.replace('|', '').replace(' ', '');
+      if (tmpReqUrl.length != pobj.requrl.length) {
+        return system.getResult(null, "非法请求！！");
+      }
      var reqobj = {
        "actionProcess": pobj.actionProcess || "",
        "actionType": pobj.actionType || "",
@@ -61,6 +68,7 @@ class tmqueryCtl extends CtlBase {
      var oldActionType = reqobj.actionType;
      var oldActionBody = reqobj.actionBody;
      var oldIsUser = reqobj.isUser;
+
      if (reqobj.isDecryptUser == "yes") {
        reqobj.actionType = "decryptStr";
        reqobj.isUser = "no";
@@ -571,7 +579,7 @@ class tmqueryCtl extends CtlBase {
      if (["FW_GOODS-582206-1", "FW_GOODS-582208-1", "FW_GOODS-582207-1"].indexOf(pushData.skuId) >= 0) {
        param.actionType = pushData.skuId == "FW_GOODS-582206-1" ? "updateOrderPayStatus" : "addOrderAndDelivery";
      }//商标的产品订单
-      else {        
+      else {
        param.actionBody.channelItemCode = pushData.serviceCode;
        param.actionType = "jdAddQifuOrder";
      }//工商产品订单