
Glue代码保存越权问题处理

xuxueli 1 an în urmă
părinte
comite
7503bcb275

+ 5 - 1
doc/XXL-JOB官方文档.md

@@ -2369,8 +2369,12 @@ public void execute() {
 ### 7.35 版本 v2.4.2 Release Notes[规划中]
 - 1、【升级】多个项目依赖升级至较新稳定版本,涉及netty、groovy、gson、springboot、mybatis等;
 - 2、【修复】"CVE-2024-42681" 子任务越权漏洞修复;
+- 3、【修复】"CVE-2023-33779" 任务API越权问题修复;
 - 3、【优化】Cron解析组件优化代码优化。
-- 4、【优化】修改密码交互优化,解决CSRF隐患。
+- 4、【优化】修改密码交互调整,解决CSRF问题隐患。
+
+备注:“CVE-2024-38820”漏洞源自spring,当前使用spring5.x及springboot2.x软件普遍受该问题影响。
+该问题修复需要升级至spring6.x与springboot3.x,如有诉求可自行升级,计划下个大版本升级spring相关版本解决该问题。
 
 
 

+ 14 - 11
xxl-job-admin/src/main/java/com/xxl/job/admin/controller/JobCodeController.java

@@ -56,7 +56,7 @@ public class JobCodeController {
 	
 	@RequestMapping("/save")
 	@ResponseBody
-	public ReturnT<String> save(Model model, int id, String glueSource, String glueRemark) {
+	public ReturnT<String> save(HttpServletRequest request, int id, String glueSource, String glueRemark) {
 		// valid
 		if (glueRemark==null) {
 			return new ReturnT<String>(500, (I18nUtil.getString("system_please_input") + I18nUtil.getString("jobinfo_glue_remark")) );
@@ -64,23 +64,26 @@ public class JobCodeController {
 		if (glueRemark.length()<4 || glueRemark.length()>100) {
 			return new ReturnT<String>(500, I18nUtil.getString("jobinfo_glue_remark_limit"));
 		}
-		XxlJobInfo exists_jobInfo = xxlJobInfoDao.loadById(id);
-		if (exists_jobInfo == null) {
+		XxlJobInfo existsJobInfo = xxlJobInfoDao.loadById(id);
+		if (existsJobInfo == null) {
 			return new ReturnT<String>(500, I18nUtil.getString("jobinfo_glue_jobid_unvalid"));
 		}
+
+		// valid permission
+		PermissionInterceptor.validJobGroupPermission(request, existsJobInfo.getJobGroup());
 		
 		// update new code
-		exists_jobInfo.setGlueSource(glueSource);
-		exists_jobInfo.setGlueRemark(glueRemark);
-		exists_jobInfo.setGlueUpdatetime(new Date());
+		existsJobInfo.setGlueSource(glueSource);
+		existsJobInfo.setGlueRemark(glueRemark);
+		existsJobInfo.setGlueUpdatetime(new Date());
 
-		exists_jobInfo.setUpdateTime(new Date());
-		xxlJobInfoDao.update(exists_jobInfo);
+		existsJobInfo.setUpdateTime(new Date());
+		xxlJobInfoDao.update(existsJobInfo);
 
 		// log old code
 		XxlJobLogGlue xxlJobLogGlue = new XxlJobLogGlue();
-		xxlJobLogGlue.setJobId(exists_jobInfo.getId());
-		xxlJobLogGlue.setGlueType(exists_jobInfo.getGlueType());
+		xxlJobLogGlue.setJobId(existsJobInfo.getId());
+		xxlJobLogGlue.setGlueType(existsJobInfo.getGlueType());
 		xxlJobLogGlue.setGlueSource(glueSource);
 		xxlJobLogGlue.setGlueRemark(glueRemark);
 
@@ -89,7 +92,7 @@ public class JobCodeController {
 		xxlJobLogGlueDao.save(xxlJobLogGlue);
 
 		// remove code backup more than 30
-		xxlJobLogGlueDao.removeOld(exists_jobInfo.getId(), 30);
+		xxlJobLogGlueDao.removeOld(existsJobInfo.getId(), 30);
 
 		return ReturnT.SUCCESS;
 	}
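Review bot: The new `PermissionInterceptor.validJobGroupPermission(request, existsJobInfo.getJobGroup())` call is placed after `loadById`, so a caller with no rights on any job group still receives the distinct `jobinfo_glue_jobid_unvalid` response for unknown ids and can tell existing from non-existing job ids before the permission check rejects them. Since the group is only known after the load, the simplest mitigation is to make the "job not found" and "no permission" outcomes indistinguishable to the caller, e.g. by returning the same generic failure for both. The fix also depends on `validJobGroupPermission` aborting the request (presumably by throwing) rather than returning a status; if it only returns, the `setGlueSource`/`update` lines that follow would still run, so a one-line comment such as `// aborts the request when the caller lacks rights on this job group` would document that contract for the next reader. The signature change from `Model model` to `HttpServletRequest request` in the first hunk needs the matching import, which is outside this view.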