Authored by 陈峰

Merge branch 'feature/hole' into 'release/3.1'

Feature/hole



See merge request !28
<template>
<editor :content="value" @change="change"></editor>
</template>
<script>
import xss from 'util/xss';
export default {
name: 'editor-safe',
props: ['content'],
data() {
return {
value: this.content
};
},
methods: {
change(val) {
let currentVal = val;
val = xss.replaceScript(val);
this.$emit('change', val);
if (currentVal !== val) {
this.value = val;
this.$Message.error('输入内容有敏感字符,已自动清除');
}
}
}
};
</script>
<style>
</style>
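Review bot: `value: this.content` in `data()` copies the prop once, so if the parent assigns `content` after mount (the create page initialises `productIntro` to `''` and presumably fills it later) the wrapper never re-renders the inner editor; a `watch: { content(v) { this.value = v; } }` would keep the two in step. In `change`, the parameter is reassigned after its original is stashed, which reads backwards; `const cleaned = xss.replaceScript(val); this.$emit('change', cleaned); if (cleaned !== val) { ... }` says the same thing without mutating the argument. Note that the emitted value is what reaches the server, so this client-side cleanup is a usability hint, not the place where untrusted HTML is made safe.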
... ...
import Editor from './editor';
import EditorSafe from './editor-safe';
export default Editor;
export {
Editor,
EditorSafe
};
... ...
... ... @@ -9,7 +9,7 @@ import LayoutTab from './layout-tab';
import LayoutFilter from './layout-filter';
import LayoutPrint from './layout-print';
import ActionGroup from './action-group';
import Editor from './editor';
import {Editor, EditorSafe} from './editor';
import FileUpload from './file-upload';
import DragFileUpload from './drag-file-upload';
import IFrame from './iframe';
... ... @@ -28,6 +28,7 @@ export default {
LayoutPrint,
ActionGroup,
Editor,
EditorSafe,
FileUpload,
DragFileUpload,
IFrame,
... ...
... ... @@ -7,6 +7,7 @@ import Pop from './pop';
import Radio from './radio';
import Select from './select';
import Table from './table';
import Input from './input';
export default {
Cell,
... ... @@ -17,5 +18,6 @@ export default {
Pop,
Radio,
Select,
Table
Table,
Input
};
... ...
import InputSafe from './input-safe';
export default {
InputSafe
};
... ...
<template>
<Input :value="value" v-bind="$attrs" v-on="$listeners" />
</template>
<script>
import xss from 'util/xss';
export default {
name: 'input-safe',
props: ['value'],
created() {
this.$listeners.input = this.input;
},
methods: {
input(val) {
if (typeof val === 'string') {
this.value = xss.replaceIllegal(val);
} else {
this.value = val;
}
this.$emit('input', this.value);
if (this.value !== val) {
this.$Message.error('输入内容有敏感字符,已自动清除');
}
}
}
};
</script>
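Review bot: `input()` assigns to `this.value` although `value` is a prop; Vue 2 warns about this in development and the parent's next render overwrites it, so the sanitised text can flicker back to whatever the parent holds. The `created()` hook also mutates `this.$listeners` in place, and since Vue 2 reassigns `$listeners` whenever the parent re-renders, the override appears to be lost after the first update, at which point the inner Input's `input` event goes straight to the parent's `v-model` handler and `replaceIllegal` is skipped — please confirm against the Vue version in use. Keep a local copy of the value, watch the prop, and derive the listener map in a computed so it survives re-renders: the template becomes `<Input :value="inner" v-bind="$attrs" v-on="listeners" />`, with the script as below (the user-facing message string is unchanged).
```js
props: ['value'],
data() {
  return { inner: this.value };
},
watch: {
  // keep the local copy in step when the parent assigns a new value
  value(v) {
    this.inner = v;
  }
},
computed: {
  // parent listeners with the inner Input's `input` routed through the filter;
  // rebuilt on every render, so it is not lost when $listeners is replaced
  listeners() {
    return Object.assign({}, this.$listeners, { input: this.input });
  }
},
methods: {
  input(val) {
    const cleaned = typeof val === 'string' ? xss.replaceIllegal(val) : val;
    this.inner = cleaned;
    this.$emit('input', cleaned);
    if (cleaned !== val) {
      this.$Message.error('输入内容有敏感字符,已自动清除');
    }
  }
}
```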
... ...
... ... @@ -52,7 +52,7 @@ export default {
return <span>颜色展示名称</span>;
}
if (this.isExist(params.index)) {
return h('Input', {
return h('input-safe', {
props: {
value: params.row.factoryGoodsName
},
... ... @@ -109,11 +109,11 @@ export default {
if (this.isExist(params.index)) {
return (
<i-input
<input-safe
value={params.row.factoryCode}
placeholder='请输入...'
onInput={val => (params.row.factoryCode = val)}
style={{width: '100%'}}></i-input>
style={{width: '100%'}}></input-safe>
);
}
return null;
... ... @@ -149,7 +149,7 @@ export default {
<div class={{'row-span': true}}>
<div style={{position: 'relative'}}>
<div class={{'size-code-error': size.validate && !size.name}}>
<i-input
<input-safe
value={size.name}
onInput={val => (size.name = val)}
disabled={!params.row.operator[i].value}
... ...
... ... @@ -58,7 +58,9 @@ export default {
};
},
created() {
this.isCaptcha = this.$cookie.get('_captcha');
this.isCaptcha = true;
// this.isCaptcha = this.$cookie.get('_captcha');
},
methods: {
handleSubmit(name) {
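Review bot: The old cookie lookup is left behind as a comment next to `this.isCaptcha = true;`; commented-out code should be deleted rather than kept, since version control already holds the history. With the flag now a constant, `isCaptcha` no longer needs to live in `data()` at all unless something toggles it elsewhere (the rest of the component is outside the hunk). If the intent is that the server-side `CaptchaController.check` now enforces the captcha unconditionally, a one-line comment saying so, e.g. `// captcha is always required; the server validates it on every submit`, would explain why the cookie is no longer consulted.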
... ...
... ... @@ -16,15 +16,15 @@
<Form-item label="类目"> <span>{{sortName}}</span> </Form-item>
<Form-item label="商品名称" prop="productName">
<Input v-model="product.productName" placeholder="请输入..." style="width: 400px;"/>
<input-safe v-model="product.productName" placeholder="请输入..." style="width: 400px;"/>
</Form-item>
<Form-item label="商品卖点">
<Input v-model="product.phrase" :maxlength="12" placeholder="最多12个字符" style="width: 400px;"/>
<input-safe v-model="product.phrase" :maxlength="12" placeholder="最多12个字符" style="width: 400px;"/>
</Form-item>
<Form-item label="商家商品编码" prop="factoryCode">
<Input v-model="product.factoryCode" placeholder="请输入..." style="width: 400px;"/>
<input-safe v-model="product.factoryCode" placeholder="请输入..." style="width: 400px;"/>
</Form-item>
<Form-item label="货品年" prop="goodsYears">
... ... @@ -73,11 +73,11 @@
<Row> <div class="create-item-title">商品价格</div> </Row>
<Form-item label="吊牌价" prop="retailPrice">
<Input v-model="product.retailPrice" :number="true" placeholder="请输入..." style="width: 400px;"/>
<input-safe v-model="product.retailPrice" :number="true" placeholder="请输入..." style="width: 400px;"/>
</Form-item>
<Form-item label="销售价" prop="salesPrice">
<Input v-model="product.salesPrice" :number="true" placeholder="请输入..." style="width: 400px;"/>
<input-safe v-model="product.salesPrice" :number="true" placeholder="请输入..." style="width: 400px;"/>
</Form-item>
</Form>
... ...
... ... @@ -118,7 +118,7 @@
<Row>
<Col>
<editor :content="desc" :z-index="2" @change="updateProductDesc"></editor>
<editor-safe :content="desc" :z-index="2" @change="updateProductDesc"></editor-safe>
</Col>
</Row>
... ...
... ... @@ -14,13 +14,13 @@
<span>{{product.smallSortName}}</span>
</Form-item>
<Form-item label="商品名称" prop="productName">
<Input v-model="product.productName" placeholder="请输入..." />
<input-safe v-model="product.productName" placeholder="请输入..." />
</Form-item>
<Form-item label="商品卖点">
<Input v-model="product.phrase" :maxlength="12" placeholder="最多12个字符"/>
<input-safe v-model="product.phrase" :maxlength="12" placeholder="最多12个字符"/>
</Form-item>
<Form-item label="商家商品编码" prop="factoryCode">
<Input v-model="product.factoryCode" placeholder="请输入..." />
<input-safe v-model="product.factoryCode" placeholder="请输入..." />
</Form-item>
<Form-item label="货品年">
<Date-picker :value="product.goodsYears.toString()" type="year" placeholder="选择年" disabled>
... ... @@ -62,10 +62,10 @@
</Form-item>
<div class="create-item-title">商品价格</div>
<Form-item label="吊牌价">
<Input v-model="product.retailPrice" disabled placeholder="请输入..." />
<input-safe v-model="product.retailPrice" disabled placeholder="请输入..." />
</Form-item>
<Form-item label="销售价">
<Input v-model="product.salesPrice" disabled placeholder="请输入..." />
<input-safe v-model="product.salesPrice" disabled placeholder="请输入..." />
</Form-item>
<div class="create-group">
<span class="create-group-indicator"></span>
... ... @@ -81,9 +81,9 @@
<div class="create-item-title">商品描述
<span class="create-group-sub-title">(详情页内容)</span>
</div>
<editor :content="product.productIntro"
<editor-safe :content="product.productIntro"
@change="updateProductDesc"
:z-index="2"></editor>
:z-index="2"></editor-safe>
<div class="create-item-title">商品属性
<span class="create-group-sub-title">(请认真选择所列的属性项,所填内容会对商品搜索、智能推荐等功能产生影响,从而影响商品曝光展示)</span>
</div>
... ...
... ... @@ -3,7 +3,8 @@ export default function() {
return {
showLoading: true,
product: {
seasons: ''
seasons: '',
productIntro: ''
},
table: {
data: [],
... ...
... ... @@ -8,7 +8,7 @@
<div style="text-align: center">
<filter-item :label="'分类名称'">
<Input v-model="name" @on-enter="submit"/>
<input-safe v-model="name" @on-enter="submit"/>
</filter-item>
</div>
... ...
... ... @@ -12,8 +12,12 @@ export default function() {
},
{
title: '分类名称',
key: 'categoryName',
align: 'center',
render(h, params) {
return (
<span>{params.row.categoryName}</span>
);
}
},
{
title: '创建时间',
... ...
... ... @@ -24,8 +24,8 @@
<em class="upload-img-tip">尺寸要求150px*150px&nbsp;&nbsp;不大于500KB</em>
</Form-item>
<Form-item label="店铺简介:">
<editor :content="shopData.shopIntro" @change="updateData" :z-index="2">
</editor>
<editor-safe :content="shopData.shopIntro" @change="updateData" :z-index="2">
</editor-safe>
</Form-item>
<Form-item label="品牌-供应商:">
<Table :columns="tableCols" width="700" :data="tableData"></Table>
... ...
export default {
replaceIllegal: (str) => {
return str.replace(/<[^<>]+>/g, '');
},
replaceScript: (str) => {
return str.replace(/<\/?script>/g, '').replace(/javascript:/g, '').replace(/src=.*?\/\/.*?\.js('|")?/g, '');
}
};
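Review bot: `replaceScript` matches only a bare `<script>`/`</script>` with no attributes, and the `javascript:` pattern is case-sensitive, so the filter is narrower than its name suggests; `str.replace(/<\/?script\b[^>]*>/gi, '').replace(/javascript\s*:/gi, '')` covers the obvious variants of what the current patterns already target. More importantly, both helpers run in the browser on text that is then submitted to the API, so they are a user-experience hint rather than a security boundary: the server must sanitise stored HTML with an allowlist-based sanitiser before it is persisted or rendered. The module also has no documentation; a header such as `/** Client-side text cleanup helpers; not a substitute for server-side sanitisation. */` and a one-line JSDoc per function (`replaceIllegal` strips every tag, `replaceScript` strips script tags, `javascript:` URLs and external `.js` `src` attributes) would make that contract explicit.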
... ...
... ... @@ -22,8 +22,8 @@
</div>
</Form-item>
<Form-item label="简介:" prop="intro">
<editor :content="modelData.intro" @change="editorChange" :z-index="2">
</editor>
<editor-safe :content="modelData.intro" @change="editorChange" :z-index="2">
</editor-safe>
</Form-item>
<Form-item>
<Button type="primary" @click="submit">保存</Button>
... ...
... ... @@ -27,28 +27,29 @@ class CaptchaController extends Context {
return request(`${captcha.verifiedGraphicCode}?imageView2/0/format/jpg/q/70|watermark/2/text/${uuid.v4()}/fontsize/120/dissolve/10`).pipe(res); // eslint-disable-line
}
check(req, res, next) {
let isCaptcha = req.session.isCaptcha;
// let isCaptcha = req.session.isCaptcha;
if (isCaptcha) {
if (req.body.captcha === req.session.captcha) {
if (new Date().getTime() > req.session.captchaTimeout) {
return res.json({
code: 400,
captcha: true,
expired: true,
message: '验证码过期'
});
}
return next();
} else {
// if (isCaptcha) {
if (req.body.captcha === req.session.captcha) {
if (new Date().getTime() > req.session.captchaTimeout) {
return res.json({
code: 400,
captcha: true,
message: '验证码错误'
expired: true,
message: '验证码过期'
});
}
return next();
} else {
return res.json({
code: 400,
captcha: true,
message: '验证码错误'
});
}
return next();
// }
// return next();
}
}
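Review bot: `req.body.captcha === req.session.captcha` passes when both sides are `undefined`, i.e. when no captcha has been issued in this session and the request omits the field, and `new Date().getTime() > req.session.captchaTimeout` is `false` for an undefined timeout, so such a request reaches `next()`; the check needs an explicit presence test on both values. The stored code is also never cleared after a successful check, so the same code can be resubmitted until `captchaTimeout` passes; clearing it makes each code single-use. The commented-out `isCaptcha` lines should be removed rather than kept. The rest of `CaptchaController` (including where `captcha` and `captchaTimeout` are written, presumably together) is outside the hunk.
```js
check(req, res, next) {
  const expected = req.session.captcha;
  const supplied = req.body.captcha;
  // reject when no code was issued or none was sent; `undefined === undefined` must not pass
  if (expected == null || supplied == null || supplied !== expected) {
    return res.json({
      code: 400,
      captcha: true,
      message: '验证码错误'
    });
  }
  if (new Date().getTime() > req.session.captchaTimeout) {
    return res.json({
      code: 400,
      captcha: true,
      expired: true,
      message: '验证码过期'
    });
  }
  // single use: clear the stored code so the same value cannot be resubmitted
  delete req.session.captcha;
  return next();
}
```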
... ...
... ... @@ -46,21 +46,21 @@ module.exports = (req, res, next) => {
if (currentShop) {
let baseParams = {
pid: req.session.LOGIN_UID,
founder: req.session.LOGIN_UID,
pid: req.user.uid,
founder: req.user.uid,
shopsId: currentShop.shopsId,
shopId: currentShop.shopsId,
shop: currentShop.shopsId,
supplierId: currentShop.shopsBrands.length ? _.first(currentShop.shopsBrands).supplierId : 0,
platform_id: config.platform,
userId: req.session.LOGIN_UID
userId: req.user.uid
};
let reqParams = Object.assign({
url: apiUrl,
method: req.method.toLowerCase(),
headers: {
'x-shop-id': currentShop.shopsId,
'x-user-id': req.session.LOGIN_UID,
'x-user-id': req.user.uid,
'Content-Type': 'application/json'
}
});
... ... @@ -71,7 +71,7 @@ module.exports = (req, res, next) => {
}
if (req.method.toLowerCase() === 'get') {
reqParams.qs = Object.assign(baseParams, req.query, req.body);
reqParams.qs = Object.assign({}, req.query, req.body, baseParams);
} else if (files.length) {
let reqFiles = {};
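Review bot: `req.user.uid` is read on four lines of the first hunk with no guard, so a request that reaches this middleware without `req.user` now throws a TypeError (a 500) instead of forwarding an undefined id; if an upstream authentication middleware guarantees `req.user` here, a comment such as `// req.user is set by the auth middleware; unauthenticated requests never reach this point` would record that assumption. The reorder to `Object.assign({}, req.query, req.body, baseParams)` in the second hunk correctly lets the server-derived `pid`/`founder`/`userId`/`shopId` win over client-supplied values for GET, but the `files.length` branch and whatever follows it are cut off by the hunk, so please confirm the non-GET paths merge in the same order. The enclosing middleware function starts and ends outside the hunks.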
... ...