Merge branch 'dev' of http://192.168.1.220:10080/Amoy2/wlyy2.0 into dev

business/base-service/pom.xml

@@ -98,6 +98,12 @@
            <version>1.0</version>
        </dependency>
        <dependency>
            <groupId>org.apache.pdfbox</groupId>
            <artifactId>pdfbox</artifactId>
            <version>2.0.24</version>
        </dependency>
        <!--解析html-->
        <dependency>
            <groupId>org.jsoup</groupId>

business/base-service/src/main/java/com/yihu/jw/file_upload/FileUploadService.java

@@ -16,6 +16,8 @@ import org.apache.http.entity.mime.MultipartEntityBuilder;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.text.PDFTextStripper;
import org.apache.poi.util.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -81,6 +83,10 @@ public class FileUploadService {
        if (!isFileFlag(fileType)){
            throw new FileWrongFormatException("不符合文件上传格式");
        }
//        PDDocument document = PDDocument.load(inputStream);
//        if (containsXSS(document)){
//            throw new FileWrongFormatException("该PDF文件包含XSS攻击脚本！");
//        }
        long max = 5*1024*1024;
        if(fileSize > max){
@@ -167,6 +173,10 @@ public class FileUploadService {
        if (!isFileFlag(fileType)){
            throw new FileWrongFormatException("不符合文件上传格式");
        }
//        PDDocument document = PDDocument.load(inputStream);
//        if (containsXSS(document)){
//            throw new FileWrongFormatException("该PDF文件包含XSS攻击脚本！");
//        }
        //上传到fastdfs
        ObjectNode objectNode = fastDFSHelper.upload(inputStream, fileType, "");
        //解析返回的objectNode
@@ -210,6 +220,10 @@ public class FileUploadService {
       if (!isFileFlag(type)){
           throw new FileWrongFormatException("不符合文件上传格式");
       }
//        PDDocument document = PDDocument.load(multipartFile.getInputStream());
//        if (containsXSS(document)){
//            throw new FileWrongFormatException("该PDF文件包含XSS攻击脚本！");
//        }
        String response = request(wlyyUrl + "/upload/chat", multipartFile, type);
        org.json.JSONObject rs = new org.json.JSONObject(response);
@@ -519,6 +533,10 @@ public class FileUploadService {
        if (!isFileFlag(type)){
            throw new FileWrongFormatException("不符合文件上传格式");
        }
//        PDDocument document = PDDocument.load(file.getInputStream());
//        if (containsXSS(document)){
//            throw new FileWrongFormatException("该PDF文件包含XSS攻击脚本！");
//        }
        HttpEntity entity = builder.build();
        httpPost.setEntity(entity);
        HttpResponse response = httpClient.execute(httpPost);// 执行提交
@@ -667,11 +685,20 @@ public class FileUploadService {
        logger.info(type);
        List img = new ArrayList(Arrays.asList("jpeg","bmp", "jpg", "png", "tif", "gif", "pcx", "tga", "exif", "fpx","psd",
                "cdr", "pcd", "dxf", "ufo", "eps", "ai", "raw", "WMF", "webp","xls","xlsx","text/plain","mp3","mp4","m4v","avi",
                "ogm","wmv","mpg","webm","ogv","mov","asx","mpeg","image/png","amr","doc","docx","pdf"));
                "ogm","wmv","mpg","webm","ogv","mov","asx","mpeg","image/png","amr","doc","docx"));
        if (!img.contains(type)) {
            return false;
        }
        return true;
    }
    public boolean containsXSS(PDDocument document) throws IOException {
        PDFTextStripper pdfStripper = new PDFTextStripper();
        String text = pdfStripper.getText(document);
        // 检测文本中是否包含恶意脚本
        return text.contains("<script>") || text.contains("javascript:") || text.contains("alert");
    }
}

business/base-service/src/main/java/com/yihu/jw/healthCare/service/HealthCareService.java

@@ -1935,6 +1935,9 @@ public class HealthCareService {
            String billSerial = jsonObject.getString("bill_serial");
            String personCash = jsonObject.getString("person_cash");
            String valiFlag = jsonObject.getString("vali_flag");
            String payDateStr = jsonObject.getString("pay_date");
            Date payDate = DateUtil.strToDate(payDateStr);
            Date now = DateUtil.getDateShort(new Date());
            YlzMedicalRelationDO ylzMedicalRelationDO = ylzMedicailRelationDao.findByInsuranceSerial(insuranceSerial);
            if (ylzMedicalRelationDO!=null){
@@ -1942,10 +1945,13 @@ public class HealthCareService {
                    throw new Exception("医保结算金额不一致！");
                }else {
                    if (valiFlag.equalsIgnoreCase("1")){
                        ylzMedicalRelationDO.setStatus(1);
                        ylzMedicalRelationDO.setBillSerial(billSerial);
                        ylzMedicalRelationDO.setPayDate(DateUtil.strToDate(jsonObject.getString("pay_date")+jsonObject.getString("pay_time")));
                        ylzMedicailRelationDao.save(ylzMedicalRelationDO);
                        if (payDate.compareTo(now)==0){
                            ylzMedicalRelationDO.setStatus(1);
                            ylzMedicalRelationDO.setBillSerial(billSerial);
                            ylzMedicalRelationDO.setPayDate(DateUtil.strToDate(jsonObject.getString("pay_date")+jsonObject.getString("pay_time")));
                            ylzMedicailRelationDao.save(ylzMedicalRelationDO);
                        }
                    }
                }
            }

svr/svr-internet-hospital/src/main/java/com/yihu/jw/hospital/endpoint/file_upload/FileUploadEndpoint.java

@@ -17,6 +17,7 @@ import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -176,6 +177,10 @@ public class FileUploadEndpoint extends EnvelopRestEndpoint {
        if (!fileUploadService.isFileFlag(type1)){
            throw new FileWrongFormatException("不符合文件上传格式");
        }
//        PDDocument document = PDDocument.load(file.getInputStream());
//        if (fileUploadService.containsXSS(document)){
//            throw new FileWrongFormatException("该PDF文件包含XSS攻击脚本！");
//        }
        files.setObjectType(objectType);
        files.setSize(file.getSize());
        files.setTaskId(taskId);

svr/svr-internet-hospital/src/main/java/com/yihu/jw/hospital/endpoint/hospital/WlyyFamilyMemberController.java

@@ -137,8 +137,11 @@ public class WlyyFamilyMemberController extends EnvelopRestEndpoint {
                    if (null!=jsonObject.get("Phone_Number_Business")){
                        String Next_Of_Kin_Phone = jsonObject.get("Phone_Number_Business").toString();
                        if(!Next_Of_Kin_Phone.equalsIgnoreCase(phoneNum)){
                            String prefix = Next_Of_Kin_Phone.substring(0, 3);
                            String suffix = Next_Of_Kin_Phone.substring(7, 11);
                            String msg = prefix+"****"+suffix;
                            mixEnvelop.setStatus(408);
                            mixEnvelop.setMessage("您所添加的家属的电话有误，无法发送验证码");
                            mixEnvelop.setMessage("您输入的手机号码有误，无法发送验证码，预留号码是"+msg);
                            return mixEnvelop;
                        }
                    }