Skip to content

Commit fb3fa39

Browse files
TommyLemonTommyLemon
authored
GETS/HEADS/PUT/DELETE 不允许前端传 @combine,感谢 cloudAndMonkey 的贡献 Tencent#494
Tencent#494
2 parents 65c3053 + 8bf7195 commit fb3fa39

File tree

1 file changed

+5
-0
lines changed

1 file changed

+5
-0
lines changed

APIJSONORM/src/main/java/apijson/orm/AbstractParser.java

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,7 @@
3939
import apijson.orm.exception.CommonException;
4040
import apijson.orm.exception.UnsupportedDataTypeException;
4141

42+
import static apijson.JSONObject.KEY_COMBINE;
4243
import static apijson.JSONObject.KEY_EXPLAIN;
4344
import static apijson.RequestMethod.CRUD;
4445
import static apijson.RequestMethod.GET;
@@ -2192,6 +2193,10 @@ private JSONObject batchVerify(RequestMethod method, String tag, int version, St
21922193
RequestMethod _method = null;
21932194
if (request.get(key) instanceof JSONObject) {
21942195
_method = RequestMethod.valueOf(request.getJSONObject(key).getString(apijson.JSONObject.KEY_METHOD).toUpperCase());
2196+
String combine = request.getJSONObject(key).getString(KEY_COMBINE);
2197+
if (combine != null && RequestMethod.isPublicMethod(_method) == false) {
2198+
throw new IllegalArgumentException(key + ":{} 里的 @combine:value 不合法!开放请求 GET、HEAD 才允许传 @combine:value !");
2199+
}
21952200
} else {
21962201
if (keyObjectAttributesMap.get(key) == null) {
21972202
if (method == RequestMethod.CRUD) {

0 commit comments

Comments
 (0)