From 093eeb281f8e7c3847fac95fac53b6cbabd30eba Mon Sep 17 00:00:00 2001
From: liangkun <liangkun7173@hotmail.com>
Date: Fri, 5 Nov 2021 15:26:50 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E5=AE=BF=E8=88=8D?=
 =?UTF-8?q?=E7=AE=A1=E7=90=86=E5=8A=9F=E8=83=BD=E7=BC=96=E5=8F=B7=E5=AD=97?=
 =?UTF-8?q?=E6=AE=B5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../Views/Accommodation/Form.cshtml           | 24 +++++++++++--------
 .../Views/Accommodation/Index.js              |  2 ++
 .../Accommodation/Acc_DormitoryBuildEntity.cs |  5 ++++
 .../Accommodation/AccommodationService.cs     |  6 +++++
 4 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LogisticsManagement/Views/Accommodation/Form.cshtml b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LogisticsManagement/Views/Accommodation/Form.cshtml
index c96287895..e2b246b99 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LogisticsManagement/Views/Accommodation/Form.cshtml	
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LogisticsManagement/Views/Accommodation/Form.cshtml	
@@ -3,9 +3,13 @@
     Layout = "~/Views/Shared/_Form.cshtml";
 }
 <div class="lr-form-wrap">
+    <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
+        <div class="lr-form-item-title">编号</div>
+        <input id="DNo" type="text" class="form-control" />
+    </div>
     <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
         <div class="lr-form-item-title">名称</div>
-        <input id="Name" type="text" class="form-control" />
+        <input id="Name" type="text" class="form-control"/>
     </div>
     <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
         <div class="lr-form-item-title">学生</div>
@@ -14,7 +18,7 @@
 
     <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
         <div class="lr-form-item-title">位置</div>
-        <input id="Address" type="text" class="form-control" />
+        <input id="Address" type="text" class="form-control"/>
     </div>
     <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
         <div class="lr-form-item-title">类别<font face="宋体">*</font></div>
@@ -24,7 +28,7 @@
     {
         <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
             <div class="lr-form-item-title">父单位</div>
-            <input id="ParentID" type="hidden" value="@ViewBag.ParentID" />
+            <input id="ParentID" type="hidden" value="@ViewBag.ParentID"/>
             <label class="form-control">@ViewBag.ParentName</label>
         </div>
 
@@ -52,30 +56,30 @@
     </div>
     <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
         <div class="lr-form-item-title">负责人</div>
-        <input id="Functionary" type="text" class="form-control" />
+        <input id="Functionary" type="text" class="form-control"/>
     </div>
     <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
         <div class="lr-form-item-title">负责人电话</div>
-        <input id="Phone" type="text" class="form-control" />
+        <input id="Phone" type="text" class="form-control"/>
     </div>
     <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
         <div class="lr-form-item-title">价格</div>
-        <input id="Price" type="text" class="form-control" />
+        <input id="Price" type="text" class="form-control"/>
     </div>
 
     @if (ViewBag.BuildType == "4")
     {
         <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
             <div class="lr-form-item-title">舍长</div>
-            <input id="Leader" type="text" class="form-control" />
+            <input id="Leader" type="text" class="form-control"/>
         </div>
         <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
             <div class="lr-form-item-title">学生名字</div>
-            <input id="StudentID" type="text" class="form-control" />
+            <input id="StudentID" type="text" class="form-control"/>
         </div>
         <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
             <div class="lr-form-item-title">星级</div>
-            <input id="Starred" type="text" class="form-control" />
+            <input id="Starred" type="text" class="form-control"/>
         </div>
         <div class="col-xs-6 lr-form-item" data-table="Acc_DormitoryBuild">
             <div class="lr-form-item-title">是否独卫</div>
@@ -85,7 +89,7 @@
 
     <div class="col-xs-12 lr-form-item" data-table="Acc_DormitoryBuild">
         <div class="lr-form-item-title">备注</div>
-        <textarea id="Remark" class="form-control" style="height:100px;"></textarea>
+        <textarea id="Remark" class="form-control" style="height: 100px;"></textarea>
     </div>
 </div>
 @Html.AppendJsFile("/Areas/LogisticsManagement/Views/Accommodation/Form.js")
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LogisticsManagement/Views/Accommodation/Index.js b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LogisticsManagement/Views/Accommodation/Index.js
index c2917124b..3f0bd4f34 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LogisticsManagement/Views/Accommodation/Index.js	
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LogisticsManagement/Views/Accommodation/Index.js	
@@ -165,6 +165,7 @@ var bootstrap = function ($, learun) {
                 $('#gridtable').lrAuthorizeJfGridLei({
                     url: top.$.rootUrl + '/LogisticsManagement/Accommodation/GetPageList',
                     headData: [
+                        { label: "编号", name: "DNo", width: 100, align: "left" },
                         { label: "名称", name: "Name", width: 100, align: "left" },
                         { label: "学生名字", name: "StuName", width: 100, align: "left" },
 
@@ -208,6 +209,7 @@ var bootstrap = function ($, learun) {
                 $('#gridtable').lrAuthorizeJfGridLei({
                     url: top.$.rootUrl + '/LogisticsManagement/Accommodation/GetPageList',
                     headData: [
+                        { label: "编号", name: "DNo", width: 100, align: "left" },
                         { label: "名称", name: "Name", width: 100, align: "left" },
                         { label: "学生", name: "StudentID", width: 100, align: "left",
                             formatterAsync: function (callback, value, row, op, $cell) {
diff --git a/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Application.Module/Learun.Application.TwoDevelopment/LogisticsManagement/Accommodation/Acc_DormitoryBuildEntity.cs b/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Application.Module/Learun.Application.TwoDevelopment/LogisticsManagement/Accommodation/Acc_DormitoryBuildEntity.cs
index 8dfc1bb3a..4c0a5434b 100644
--- a/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Application.Module/Learun.Application.TwoDevelopment/LogisticsManagement/Accommodation/Acc_DormitoryBuildEntity.cs	
+++ b/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Application.Module/Learun.Application.TwoDevelopment/LogisticsManagement/Accommodation/Acc_DormitoryBuildEntity.cs	
@@ -20,6 +20,11 @@ namespace Learun.Application.TwoDevelopment.LogisticsManagement
         [Column("ID")]
         public string ID { get; set; }
         /// <summary>
+        /// 编号
+        /// </summary>
+        [Column("DNo")]
+        public string DNo { get; set; }
+        /// <summary>
         /// 名称
         /// </summary>
         [Column("NAME")]
diff --git a/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Application.Module/Learun.Application.TwoDevelopment/LogisticsManagement/Accommodation/AccommodationService.cs b/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Application.Module/Learun.Application.TwoDevelopment/LogisticsManagement/Accommodation/AccommodationService.cs
index 72d6b7479..a50da8fc5 100644
--- a/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Application.Module/Learun.Application.TwoDevelopment/LogisticsManagement/Accommodation/AccommodationService.cs	
+++ b/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Application.Module/Learun.Application.TwoDevelopment/LogisticsManagement/Accommodation/AccommodationService.cs	
@@ -34,6 +34,7 @@ namespace Learun.Application.TwoDevelopment.LogisticsManagement
                 strSql.Append("SELECT ");
                 strSql.Append(@"
                 t.ID,
+                t.DNo,
                 t.Name,
                 t.Address,
                 t.Campus,
@@ -64,6 +65,11 @@ namespace Learun.Application.TwoDevelopment.LogisticsManagement
                     dp.Add("ParentID", queryParam["ParentID"].ToString(), DbType.String);
                     strSql.Append(" AND t.ParentID =@ParentID ");
                 }
+                if (!queryParam["DNo"].IsEmpty())
+                {
+                    dp.Add("DNo", queryParam["DNo"].ToString(), DbType.String);
+                    strSql.Append(" AND t.DNo =@DNo ");
+                }
                 if (!queryParam["Name"].IsEmpty())
                 {
                     dp.Add("Name", "%" + queryParam["Name"].ToString() + "%", DbType.String);

From 2e35fcb505efeceff4a22268f5d4a2adabe85633 Mon Sep 17 00:00:00 2001
From: liangkun <liangkun7173@hotmail.com>
Date: Mon, 8 Nov 2021 14:50:46 +0800
Subject: [PATCH 2/2] =?UTF-8?q?webapi=20sql=E6=B3=A8=E5=85=A5=E6=B5=8B?=
 =?UTF-8?q?=E8=AF=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../Learun.Application.WebApi/Modules/BaseApi.cs     | 12 ++++++++++++
 .../Learun.Util/Learun.Util/Web/WebHelper.cs         |  2 ++
 2 files changed, 14 insertions(+)

diff --git a/Learun.Framework.Ultimate V7/Learun.Application.WebApi/Modules/BaseApi.cs b/Learun.Framework.Ultimate V7/Learun.Application.WebApi/Modules/BaseApi.cs
index 79f18c5e3..d7bc44a92 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.WebApi/Modules/BaseApi.cs	
+++ b/Learun.Framework.Ultimate V7/Learun.Application.WebApi/Modules/BaseApi.cs	
@@ -175,11 +175,23 @@ namespace Learun.Application.WebApi
         /// <returns></returns>
         private Response BeforeRequest(NancyContext ctx)
         {
+            ctx.Request.Url.Query =Learun.Util.WebHelper.Formatstr(ctx.Request.Url.Query);
+            foreach (var p in ctx.Parameters)
+            {
+                if (p.ParameterType == typeof(string))
+                {
+                    if (ctx.Parameters[p.ParameterName] != null)
+                    {
+                        ctx.Parameters[p.ParameterName] = Learun.Util.WebHelper.Formatstr(ctx.Parameters[p.ParameterName].ToString());
+                    }
+                }
+            }
             string path = ctx.ResolvedRoute.Description.Path;
             //验证登录状态
             ReqParameter req = this.Bind<ReqParameter>();
             loginMark = req.loginMark;
             token = req.token;
+            
             if (path == "/learun/adms/user/login" || path == "/" || path == "/bgimg" || path == "/learun/adms/user/img" || path == "/learun/adms/desktop/img"||path== "/learun/adms/user/imgfordc")
             {// 登录接口，默认页面接口不做权限验证处理
                 return null;
diff --git a/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/Web/WebHelper.cs b/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/Web/WebHelper.cs
index a05421892..68ae49dd7 100644
--- a/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/Web/WebHelper.cs	
+++ b/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/Web/WebHelper.cs	
@@ -345,6 +345,7 @@ namespace Learun.Util
             System.Text.RegularExpressions.Regex regex10 = new System.Text.RegularExpressions.Regex(@"select", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
             System.Text.RegularExpressions.Regex regex11 = new System.Text.RegularExpressions.Regex(@"update", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
             System.Text.RegularExpressions.Regex regex12 = new System.Text.RegularExpressions.Regex(@"delete", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
+            System.Text.RegularExpressions.Regex regex13 = new System.Text.RegularExpressions.Regex(@"exec", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
             html = regex1.Replace(html, ""); //过滤<script></script>标记
             html = regex2.Replace(html, ""); //过滤href=javascript: (<A>) 属性
             html = regex3.Replace(html, " _disibledevent="); //过滤其它控件的on...事件
@@ -352,6 +353,7 @@ namespace Learun.Util
             html = regex10.Replace(html, "s_elect");
             html = regex11.Replace(html, "u_pudate");
             html = regex12.Replace(html, "d_elete");
+            html = regex13.Replace(html, "e_xec");
             html = html.Replace("'", "’");
             html = html.Replace("&nbsp;", " ");
             return html;