XSS漏洞

zhaoqing
Commit 30c25e675ec411872a1131fab7612c482c047a6d 1 parent 54900e2d
Showing 4 changed files with 47 additions and 3 deletions
code/apps/shop/controllers/sellerShopDecorator.js
code/apps/shop/interfaces/sellerShopDecorator.js
code/static/js.jquery/module/shop/Decoration.js
code/static/js.jquery/module/shop/modular/Decorator.js
--- a/code/apps/shop/controllers/sellerShopDecorator.js 0 → 100644
View file @30c25e6
+++ b/code/apps/shop/controllers/sellerShopDecorator.js 0 → 100644
View file @30c25e6
+ module.exports = function(app) {
+     // 存储装修模板
+     app.post("/shop/sellerDecoratorRest/saveDecoratorTemplate", "sellerDecorator_saveDecoratorTemplate");
+ 
+     // 更新装修模板
+     app.post("/shop/sellerDecoratorRest/updateDecoratorTemplate", "sellerDecorator_updateDecoratorTemplate");
+ 
+     //店铺装修保存
+     app.post("/shop/sellerDecoratorRest/saveShopsDecorator","sellerDecorator_saveShopsDecorator");
+ }
+ 
--- a/code/apps/shop/interfaces/sellerShopDecorator.js 0 → 100644
View file @30c25e6
+++ b/code/apps/shop/interfaces/sellerShopDecorator.js 0 → 100644
View file @30c25e6
+ module.exports = {
+     namespace: "sellerDecorator",
+     apis: {
+         saveDecoratorTemplate: {
+             title: "存储店铺装修模板",
+             url: "/sellerShopsDecoratorRest/saveDecoratorTemplate",
+             params: [
+                 {name: "shopId", type: "Number"},
+                 {name: "platform", type: "Number"},
+                 {name: 'platformType', type: 'Number'},
+                 {name: "appType", type: "Number"},
+                 {name: "templateName", type: "String"},
+                 {name: "templateType", type: "String"},
+                 {name: "modules", type: "String"},
+                 {name: "flag", type: "Number"}
+             ]
+         },
+ 
+         updateDecoratorTemplate: {
+             title: "更新店铺模板",
+             url: "/sellerShopsDecoratorRest/updateDecoratorTemplate",
+             params: [
+                 {name: "templateId", type: "Number"},
+                 {name: "shopId", type: "Number"},
+                 {name: "platform", type: "Number"},
+                 {name: 'platformType', type: 'Number'},
+                 {name: "appType", type: "Number"},
+                 {name: "templateName", type: "String"},
+                 {name: "modules", type: "String"}
+             ]
+         }
+     }
+ }
\ No newline at end of file
--- a/code/static/js.jquery/module/shop/Decoration.js
View file @30c25e6
+++ b/code/static/js.jquery/module/shop/Decoration.js
View file @30c25e6
@@ -375,7 +375,7 @@ function findTopHotProducts_APP(){
 function saveDecoration(submitStatus){
     console.log(jsonMain);
     common.util.__ajax({
-         url:'/shop/ShopsDecoratorRest/saveShopsDecorator',
+         url:'/shop/sellerDecoratorRest/saveShopsDecorator',
         data: {
             "submitStatus": submitStatus,
             "shopsId": jsonMain.shopsId,
--- a/code/static/js.jquery/module/shop/modular/Decorator.js
View file @30c25e6
+++ b/code/static/js.jquery/module/shop/modular/Decorator.js
View file @30c25e6
@@ -1871,7 +1871,7 @@ var saveTemplate = function(flag, name, cb) {
     }
 
     common.util.__ajax({
-             url: '/shop/ModularDecoratorRest/saveDecoratorTemplate',
+             url: '/shop/sellerDecoratorRest/saveDecoratorTemplate',
             data: {
                 shopId: Bll.shopId,
                 platform: +t.active ? 0 : 1,
@@ -1974,7 +1974,7 @@ $(document).on('click', '#updateBtn', function() {
     });
 
     common.util.__ajax({
-         url: "/shop/ModularDecoratorRest/updateDecoratorTemplate",
+         url: "/shop/sellerDecoratorRest/updateDecoratorTemplate",
         data: {
             templateId: templateId,
             shopId: Bll.shopId,