Merge branch 'igirl-channel-web' of gitlab.gongsibao.com:jiangyong/zhichan into igirl-channel-web

182cc0c9 · 刘泽奇 · 8f0c3f3a · bbfc6be4 · 182cc0c9 · 182cc0c9
Commit 182cc0c9 authored Jul 14, 2020 by 刘泽奇
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 3 deletions

igirl-channel-web/app/base/controller/impl/trademark/tmqueryCtl.js
+9 -1

igirl-channel-web/app/config/routes/web.js
+2 -2

No files found.
--- a/igirl-channel-web/app/base/controller/impl/trademark/tmqueryCtl.js
+++ b/igirl-channel-web/app/base/controller/impl/trademark/tmqueryCtl.js
@@ -42,6 +42,13 @@ class tmqueryCtl extends CtlBase {
      if (!pobj.actionBody) {
        return system.getResult(null, "actionBody不能为空");
      }
+      if (pobj.requrl && pobj.requrl.indexOf('|') >= 0) {
+        return system.getResult(null, "非法请求！");
+      }
+      var tmpReqUrl = pobj.requrl.replace('|', '').replace(' ', '');
+      if (tmpReqUrl.length != pobj.requrl.length) {
+        return system.getResult(null, "非法请求！！");
+      }
      var reqobj = {
        "actionProcess": pobj.actionProcess || "",
        "actionType": pobj.actionType || "",
@@ -61,6 +68,7 @@ class tmqueryCtl extends CtlBase {
      var oldActionType = reqobj.actionType;
      var oldActionBody = reqobj.actionBody;
      var oldIsUser = reqobj.isUser;
+
      if (reqobj.isDecryptUser == "yes") {
        reqobj.actionType = "decryptStr";
        reqobj.isUser = "no";
@@ -571,7 +579,7 @@ class tmqueryCtl extends CtlBase {
      if (["FW_GOODS-582206-1", "FW_GOODS-582208-1", "FW_GOODS-582207-1"].indexOf(pushData.skuId) >= 0) {
        param.actionType = pushData.skuId == "FW_GOODS-582206-1" ? "updateOrderPayStatus" : "addOrderAndDelivery";
      }//商标的产品订单
-      else {        
+      else {
        param.actionBody.channelItemCode = pushData.serviceCode;
        param.actionType = "jdAddQifuOrder";
      }//工商产品订单

--- a/igirl-channel-web/app/config/routes/web.js
+++ b/igirl-channel-web/app/config/routes/web.js
@@ -157,7 +157,7 @@ module.exports = function (app) {
 		}
 		var getUserparams = {
 			actionProcess: "gsbhome",
-			channelUserId: userInfo.data.phone + "_" + userInfo.data.id,
+			channelUserId: userInfo.data.phone,
 			channelUserMoblie: userInfo.data.phone
 		};
 		var userItemResult = await tmqueryCtl.getUserIdEncryptStr(getUserparams, req.query, req);
@@ -210,7 +210,7 @@ module.exports = function (app) {
 		}
 		var reqParams = {
 			actionProcess: "gsbhome",
-			channelUserId: userInfo.data.phone + "_" + userInfo.data.id,
+			channelUserId: userInfo.data.phone,
 			channelUserMoblie: userInfo.data.phone,
 			needNoOrderNo: params.order_no
 		};