白盒123

牢七2026-03-30 8:34

0x1 admin/folder/list

http://localhost:8080/jfinal_cms/admin/folder/list

java 复制代码 
@ControllerBind(controllerKey = "/admin/folder")
public class FolderController extends BaseProjectController {

	private static final String path = "/pages/admin/folder/folder_";

	public void index() {
		list();
	}

	public void list() {
		TbFolder model = getModelByAttr(TbFolder.class);

		SQLUtils sql = new SQLUtils(" from tb_folder t  " //
				+ " left join tb_folder f  on f.id = t.parent_id  where 1=1 ");
		sql.setAlias("t");
		if (model.getAttrValues().length != 0) {
			sql.whereLike("name", model.getStr("name"));
			sql.whereEquals("status", model.getInt("status"));
		}
//站点设置
//拼接语句
		int siteId = getSessionUser().getBackSiteId();
		sql.whereEquals("site_id", siteId);

// 排序
// 
		String orderBy = getBaseForm().getOrderBy();
		if (StrUtils.isEmpty(orderBy)) {
			sql.append(" order by t.sort,t.id ");
		} else {
			sql.append(" order by t.").append(orderBy);
		}

		Page<TbFolder> page = TbFolder.dao.paginate(getPaginator(), "select t.*,f.name as parentName ", //
				sql.toString().toString());

		// 下拉框
		setAttr("page", page);
		setAttr("attr", model);

		setAttr("folders", new FolderService().getFolders(siteId));
		render(path + "list.html");
	}

0x1 /admin/folder/delete/111

java 复制代码 
POST /jfinal_cms/admin/folder/delete/264 HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.9,zh-TW;q=0.8,zh-HK;q=0.7,en-US;q=0.6,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 104
Origin: http://localhost:8080
Connection: keep-alive
Referer: http://localhost:8080/jfinal_cms/admin/folder/delete/263
Cookie: JSESSIONID=8305D795FA806C4CE24C3273080B76B0; Hm_lvt_1040d081eea13b44d84a4af639640d51=1774432118,1774498388,1774610423; Hm_lpvt_1040d081eea13b44d84a4af639640d51=1774769376; HMACCOUNT=A2CF3FA6A7F759C5; session_user="VrhFVJS2SgewvZrFcwCawA=="
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i

form.orderColumn=&form.orderAsc=&attr.name=&attr.status=-1&totalRecords=4&pageNo=1&pageSize=20&length=10
java 复制代码 
public void delete() {
		// 不处理首页数据
		if (getParaToInt() == 1) {
			list();
			return;
		}

		// 日志添加
		TbFolder model = new TbFolder();
		Integer userid = getSessionUser().getUserid();
		String now = getNow();
		model.put("update_id", userid);
		model.put("update_time", now);
//这里删除,获取id
		model.deleteById(getParaToInt());

		// 更新目录缓存
		new FolderService().updateCache();

		list();
	}
java 复制代码 
public boolean deleteById(Object idValue) {
		if (idValue == null)
			throw new IllegalArgumentException("idValue can not be null");
		return deleteById(_getTable(), idValue);
	}
java 复制代码 
private boolean deleteById(Table table, Object... idValues) {
		Config config = _getConfig();
		Connection conn = null;
		try {
			conn = config.getConnection();
			String sql = config.dialect.forModelDeleteById(table);
			return Db.update(config, conn, sql, idValues) >= 1;
		} catch (Exception e) {
			throw new ActiveRecordException(e);
		} finally {
			config.close(conn);
		}
	}

0x2 /jfinal_cms/admin/folder/view/2

java 复制代码 
GET /jfinal_cms/admin/folder/edit/265 HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.9,zh-TW;q=0.8,zh-HK;q=0.7,en-US;q=0.6,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://localhost:8080/jfinal_cms/admin/folder/delete/264
Cookie: JSESSIONID=8305D795FA806C4CE24C3273080B76B0; Hm_lvt_1040d081eea13b44d84a4af639640d51=1774432118,1774498388,1774610423; Hm_lpvt_1040d081eea13b44d84a4af639640d51=1774769376; HMACCOUNT=A2CF3FA6A7F759C5; session_user="VrhFVJS2SgewvZrFcwCawA=="
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Priority: u=4
java 复制代码 
public void edit() {
		TbFolder model = TbFolder.dao.findById(getParaToInt());
		setAttr("model", model);

		// 下拉框
		setAttr("selectParentFolder", selectFolderExcludeMe(model.getParentId(), model.getId()));

		render(path + "edit.html");
	}

0x3 /jfinal_cms/admin/folder/save/265

java 复制代码 
POST /jfinal_cms/admin/folder/save/265 HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.9,zh-TW;q=0.8,zh-HK;q=0.7,en-US;q=0.6,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 302
Origin: http://localhost:8080
Connection: keep-alive
Referer: http://localhost:8080/jfinal_cms/admin/folder/edit/265
Cookie: JSESSIONID=8305D795FA806C4CE24C3273080B76B0; Hm_lvt_1040d081eea13b44d84a4af639640d51=1774432118,1774498388,1774610423; Hm_lpvt_1040d081eea13b44d84a4af639640d51=1774769376; HMACCOUNT=A2CF3FA6A7F759C5; session_user="VrhFVJS2SgewvZrFcwCawA=="
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=4

model.id=265&model.parent_id=267&model.name=%E7%BD%91%E7%AB%99%E7%AB%99%E7%82%B9&model.material_type=102&model.key=website&model.path=home%2Fcommon_menu.html&model.sort=58&model.status=1&model.type=1&model.jump_url=111&model.content=123&model.seo_title=145&model.seo_keywords=&model.seo_description=999
java 复制代码 
public void save() {
		Integer pid = getParaToInt();
		TbFolder model = getModel(TbFolder.class);

		// 日志添加
		Integer userid = getSessionUser().getUserid();
		String now = getNow();
		model.put("update_id", userid);
		model.put("update_time", now);

		if (pid != null && pid > 0) { // 更新
			model.update();
		} else { // 新增
			// 站点设置
			model.setSiteId(getSessionUser().getBackSiteId());
//数据库连接
			model.remove("id");
			model.put("create_id", userid);
			model.put("create_time", now);
			model.save();
		}

0x4 /admin/folder/view/111

展开渲染

java 复制代码 
public void view() {
		TbFolder model = TbFolder.dao.findById(getParaToInt());
//渲染
		setAttr("model", model);
		TbFolder folder = TbFolder.dao.findById(model.getParentId());
//将名称存入模板
		model.put("parentName", folder != null ? folder.getName() : null);
		render(path + "view.html");
	}

0x5 /jfinal_cms/admin/folder/add/0

java 复制代码 
GET /jfinal_cms/admin/folder/add/0 HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.9,zh-TW;q=0.8,zh-HK;q=0.7,en-US;q=0.6,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://localhost:8080/jfinal_cms/admin/folder/list
Cookie: JSESSIONID=B50AB827811DAA5428F611034C9CEFA0; Hm_lvt_1040d081eea13b44d84a4af639640d51=1774432118,1774498388,1774610423; Hm_lpvt_1040d081eea13b44d84a4af639640d51=1774785474; HMACCOUNT=A2CF3FA6A7F759C5; session_user="VrhFVJS2SgewvZrFcwCawA=="
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Priority: u=4
java 复制代码 
public void add() {
// 获取页面信息,设置目录传入
//目录视图渲染
//查找数据库
		TbFolder model = TbFolder.dao.findById(getParaToInt());
//添加模板
		setAttr("selectParentFolder", selectFolderExcludeMe(model == null ? 0 : model.getId(), 0));

//渲染
		render(path + "add.html");
	}

0x6 /jfinal_cms/admin/folder/list

java 复制代码 
POST /jfinal_cms/admin/folder/list HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.9,zh-TW;q=0.8,zh-HK;q=0.7,en-US;q=0.6,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 109
Origin: http://localhost:8080
Connection: keep-alive
Referer: http://localhost:8080/jfinal_cms/admin/folder/list
Cookie: JSESSIONID=B50AB827811DAA5428F611034C9CEFA0; Hm_lvt_1040d081eea13b44d84a4af639640d51=1774432118,1774498388,1774610423; Hm_lpvt_1040d081eea13b44d84a4af639640d51=1774785474; HMACCOUNT=A2CF3FA6A7F759C5; session_user="VrhFVJS2SgewvZrFcwCawA=="
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i

form.orderColumn=&form.orderAsc=&attr.name=11111&attr.status=-1&totalRecords=4&pageNo=1&pageSize=20&length=10
java 复制代码 
@ControllerBind(controllerKey = "/admin/folder")
public class FolderController extends BaseProjectController {

	private static final String path = "/pages/admin/folder/folder_";

	public void index() {
		list();
	}

	public void list() {
		TbFolder model = getModelByAttr(TbFolder.class);

		SQLUtils sql = new SQLUtils(" from tb_folder t  " //
				+ " left join tb_folder f  on f.id = t.parent_id  where 1=1 ");
		sql.setAlias("t");
		if (model.getAttrValues().length != 0) {
			sql.whereLike("name", model.getStr("name"));
			sql.whereEquals("status", model.getInt("status"));
		}
		// 站点设置
		int siteId = getSessionUser().getBackSiteId();
		sql.whereEquals("site_id", siteId);

		// 排序
		String orderBy = getBaseForm().getOrderBy();
		if (StrUtils.isEmpty(orderBy)) {
			sql.append(" order by t.sort,t.id ");
		} else {
			sql.append(" order by t.").append(orderBy);
		}

		Page<TbFolder> page = TbFolder.dao.paginate(getPaginator(), "select t.*,f.name as parentName ", //
				sql.toString().toString());

		// 下拉框
		setAttr("page", page);
		setAttr("attr", model);

		setAttr("folders", new FolderService().getFolders(siteId));
		render(path + "list.html");
	}

增删查改的逻辑感觉差不多,就不重复看了。

0x2 jfinal_cms/admin/home

纯渲染

java 复制代码 
@ControllerBind(controllerKey = "/admin/home")
public class AdminHomeController extends BaseProjectController {

	private static final String path = "/pages/admin/home/";

	public void index() {
		SysUser user = (SysUser) getSessionUser();
		if (user == null) {
			redirect(CommonController.firstPage);
			return;
		}
		setAttr("nowUser", user);

		
		// 最新文件
		Page<TbArticle> articlePage = TbArticle.dao.paginate(new Paginator(1, 10), "select t.*,f.name as folderName " //
				, " from tb_article t left join tb_folder f on f.id = t.folder_id " //
						+ " where t.status = 1 and t.type in (11,12) " // 查询状态为显示,类型是预览和正常的文章
						+ "  and f.site_id="+getBackSite().getId()
						+ " order by t.update_time desc,t.id desc");
		setAttr("articles", articlePage.getList());

		// 最新评论
		Page<TbComment> commentPage = TbComment.dao.paginate(new Paginator(1, 10), "select t.*,a.title articleName ", //
				" from tb_comment t " //
						+ " left join tb_article a on a.id = t.article_id where 1=1 order by t.id desc  ");
		setAttr("comments", commentPage.getList());

		// 最新用户
		Page<SysUser> userPage = SysUser.dao.paginate(new Paginator(1, 10), "select t.*,d.name as departname ", //
				" from sys_user t left join sys_department d on d.id = t.departid " //
						+ " where 1 = 1 and userid != 1 order by userid desc ");
		setAttr("users", userPage.getList());

		
		// 最新访问用户
		Page<TbPageView> pageViewPage = TbPageView.dao.paginate(new Paginator(1, 10), "select t.*", //
				" from tb_pageview t order by id desc ");
		setAttr("pageViews", pageViewPage.getList());
		
		
		render(path + "home.html");
	}
}

0x3 /jfinal_cms/admin/imageshow/list

0x1 jfinal_cms/admin/imagealbum/save

java 复制代码 
POST /jfinal_cms/admin/imagealbum/save/1 HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.9,zh-TW;q=0.8,zh-HK;q=0.7,en-US;q=0.6,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 140
Origin: http://localhost:8080
Connection: keep-alive
Referer: http://localhost:8080/jfinal_cms/admin/imagealbum/edit/1
Cookie: JSESSIONID=B50AB827811DAA5428F611034C9CEFA0; Hm_lvt_1040d081eea13b44d84a4af639640d51=1774432118,1774498388,1774610423; Hm_lpvt_1040d081eea13b44d84a4af639640d51=1774785474; HMACCOUNT=A2CF3FA6A7F759C5; session_user="VrhFVJS2SgewvZrFcwCawA=="
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=4

model.id=1&model.parent_id=0&model.name=%E9%A3%8E%E6%99%AF&model.sort=&model.status=1&model.remark=%3Cscript%3Ealert%28666%29%3C%2Fscript%3E

0x2 jfinal_cms/admin/imagealbum/del

删除

java 复制代码 
public void del() {
		int id = getParaToInt();
		TbImage imag = TbImage.dao.findFirstByWhere(" where album_id = ? ", id);
		if (imag != null) {
			renderMessage("相册下存在图片,不能删除");
			return;
		}
		
		// 日志添加
		TbImageAlbum model = new TbImageAlbum();
		Integer userid = getSessionUser().getUserid();
		String now = getNow();
		model.put("update_id", userid);
		model.put("update_time", now);
		model.deleteById(id);
				
		renderMessage("删除成功");
	}
java 复制代码 
	public boolean deleteById(Object idValue) {
		if (idValue == null)
			throw new IllegalArgumentException("idValue can not be null");
		return deleteById(_getTable(), idValue);
	}
java 复制代码 
private boolean deleteById(Table table, Object... idValues) {
		Config config = _getConfig();
		Connection conn = null;
		try {
//获取通道
			conn = config.getConnection();
//获取语句
			String sql = config.dialect.forModelDeleteById(table);
			return Db.update(config, conn, sql, idValues) >= 1;
		} catch (Exception e) {
			throw new ActiveRecordException(e);
		} finally {
			config.close(conn);
		}
	}

0x3 list

form.orderColumn=&form.orderAsc=&attr.name=&attr.status=-1

name 与 attr.status=-1

java 复制代码 
POST /jfinal_cms/admin/imagealbum/save/2 HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.9,zh-TW;q=0.8,zh-HK;q=0.7,en-US;q=0.6,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 104
Origin: http://localhost:8080
Connection: keep-alive
Referer: http://localhost:8080/jfinal_cms/admin/imagealbum/edit/2
Cookie: JSESSIONID=B50AB827811DAA5428F611034C9CEFA0; Hm_lvt_1040d081eea13b44d84a4af639640d51=1774432118,1774498388,1774610423; Hm_lpvt_1040d081eea13b44d84a4af639640d51=1774785474; HMACCOUNT=A2CF3FA6A7F759C5; session_user="VrhFVJS2SgewvZrFcwCawA=="
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=4

model.id=2&model.parent_id=0&model.name=%E7%BE%8E%E5%A5%B3&model.sort=2&model.status=1&model.remark=1111
java 复制代码 
	public void list() {
//模板信息
		TbImageAlbum model = getModelByAttr(TbImageAlbum.class);

		SQLUtils sql = new SQLUtils(" from tb_image_album t "
				+ " left join tb_image_album f  on f.id = t.parent_id  where 1=1 ");
//
		if (model.getAttrValues().length != 0) {
			sql.setAlias("t");
			sql.whereLike("name", model.getStr("name"));
			sql.whereEquals("status", model.getInt("status"));
		}

		// 排序
		String orderBy = getBaseForm().getOrderBy();

//拼接排序规则
		if (StrUtils.isEmpty(orderBy)) {
			sql.append(" order by t.sort,t.id desc");
		} else {
			sql.append(" order by t.").append(orderBy);
		}
				
		Page<TbImageAlbum> page = TbImageAlbum.dao.paginate(getPaginator(), "select t.*,f.name as parentName ", //
				sql.toString().toString());

		// 下拉框
		setAttr("page", page);
		setAttr("attr", model);
		render(path + "list.html");
	}
java 复制代码 
/**
     * 检查是否存在非法字符,防止SQL注入
     *
     * @param str 被检查的字符串
     * @return true-字符串中存在非法字符,false-不存在非法字符
     */
    public static boolean checkSQLInject(String str) {
        // 如果传入空串则认为不存在非法字符
        if (StrUtils.isEmpty(str)) {
            return false;
        }

        // 判断黑名单
        String[] blacks = {"script", "mid", "master", "truncate", "insert", "select", "delete", "update", "declare",
                "iframe", "'", "onreadystatechange", "alert", "atestu", "xss", ";", "'", "<", ">", "(", ")",
                // ",",, "\""
                "\\", "svg", "confirm", "prompt", "onload", "onmouseover", "onfocus", "onerror"};
        // 判断白名单
        String[] whites = {"updatetime", "update_time", "\""};

        // sql不区分大小写
        str = str.toLowerCase();

        for (int i = 0; i < whites.length; i++) {
            if (whites[i].equals(str)) {
                return false;
            }
        }

        for (int i = 0; i < blacks.length; i++) {
            if (str.indexOf(blacks[i]) >= 0) {
                logger.error("SQLInject 原因:特殊字符,传入str=" + str + ",包含特殊字符:" + blacks[i]);
                return true;
            }
        }
        return false;
    }
}

0x4 /jfinal_cms/admin/video/show/23

java 复制代码 
GET /jfinal_cms/admin/video/show/23 HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.9,zh-TW;q=0.8,zh-HK;q=0.7,en-US;q=0.6,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://localhost:8080/jfinal_cms/admin/video/list
Cookie: JSESSIONID=B50AB827811DAA5428F611034C9CEFA0; Hm_lvt_1040d081eea13b44d84a4af639640d51=1774432118,1774498388,1774610423; Hm_lpvt_1040d081eea13b44d84a4af639640d51=1774785474; HMACCOUNT=A2CF3FA6A7F759C5; session_user="VrhFVJS2SgewvZrFcwCawA=="
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
java 复制代码 
public void view() {
		TbVideo model = TbVideo.dao.findById(getParaToInt());
		setAttr("model", model);

		// 设置标签
		String tags = Db.findFirst("select group_concat(tagname) tags " //
				+ " from tb_video_tags where video_id = ? order by id", model.getInt("id")).getStr("tags");
		setAttr("tags", tags);

		render(path + "view.html");
	}

0x5/jfinal_cms/admin/advicefeedback/list

java 复制代码 
	public void list() {
		TbAdviceFeedback model = getModelByAttr(TbAdviceFeedback.class);

		SQLUtils sql = new SQLUtils(" from tb_advice_feedback t where 1=1 ");
		if (model.getAttrValues().length != 0) {
			sql.setAlias("t");
			// 查询条件
			sql.whereLike("username", model.getStr("username"));
			sql.whereLike("qq", model.getStr("qq"));
			sql.whereLike("email", model.getStr("email"));
			sql.whereLike("telphone", model.getStr("telphone"));
		}

		// 排序
		String orderBy = getBaseForm().getOrderBy();
		if (StrUtils.isEmpty(orderBy)) {
			sql.append(" order by t.id desc ");
		} else {
			sql.append(" order by ").append(orderBy);
		}

		Page<TbAdviceFeedback> page = TbAdviceFeedback.dao.paginate(getPaginator(), "select t.* ", //
				sql.toString().toString());

		// 下拉框
		setAttr("page", page);
		setAttr("attr", model);
		render(path + "list.html");
	}

0x6 /jfinal_cms/admin/operation

java 复制代码 
public void index() {
		render(path + "operation.html");
	}
java 复制代码 
<% 
DIRECTIVE SAFE_OUTPUT_OPEN;
var headContent = {
	include("/pages/template/head.html"){}
%>
<script type="text/javascript">
jQuery(function($) {
	//显示Menu索引
	showMenu('page_system');
	showMenu('page_operation');
});

function updateCache(){
	jQuery.ajax({
		type:'POST',
		url:'admin/operation/updateCache',
		success:function(data){
			if(data.status==1){
				Alert('更新成功');
			} else {
				Alert('更新失败');
			}
		},
		error:function(html){
			var flag = (typeof console != 'undefined');
			if(flag) console.log("服务器忙,提交数据失败,代码:" +html.status+ ",请联系管理员!");
			Alert("服务器忙,提交数据失败,请联系管理员!");
		}
	});
}
</script>

<%
};
var bodyContent = {
%>
<form name="form1" action="" method="post" class="form-horizontal" role="form">
	
	<!-- 菜单 -->
	<% include("/pages/template/menu.html"){} %>
		
	  <div class="container" style="padding: 5px 0px 5px 0px;text-align: center;">
	  	<div style="margin-top: 20px;">
	  	<span style="color: green;">更新索引:更新用户回复未读数、前台文章展示、前台目录缓存</span>
	  	</div>
	  	<div style="margin-top: 10px;">
		<button class="btn btn-primary" onclick="updateCache();return false;">更新索引</button>
		</div>
	  </div>
	  
</form>
<%}; %>

<% layout("/pages/template/_layout.html",{head:headContent,body:bodyContent}){ %>
DIRECTIVE SAFE_OUTPUT_CLOSE;
<%} %>

0x7 /jfinal_cms/admin/operation/updateCache

java 复制代码 
POST /jfinal_cms/admin/operation/updateCache HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.9,zh-TW;q=0.8,zh-HK;q=0.7,en-US;q=0.6,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: http://localhost:8080
Connection: keep-alive
Referer: http://localhost:8080/jfinal_cms/admin/operation
Cookie: JSESSIONID=B50AB827811DAA5428F611034C9CEFA0; Hm_lvt_1040d081eea13b44d84a4af639640d51=1774432118,1774498388,1774610423; Hm_lpvt_1040d081eea13b44d84a4af639640d51=1774785474; HMACCOUNT=A2CF3FA6A7F759C5; session_user="VrhFVJS2SgewvZrFcwCawA=="
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Content-Length: 0
java 复制代码 
public void updateCache() {
		JSONObject json = new JSONObject();
		json.put("status", 2);// 失败

		SysUser user = (SysUser) getSessionUser();
		if (user == null || user.getInt("usertype") != 1) {
			json.put("msg", "您不是管理员,无法操作!");
			renderJson(json.toJSONString());
			return;
		}

		// 更新目录缓存
		new FolderService().updateCache();
		// 清除回复数缓存
		new CommentService().clearCache();
		// 清除所有前台缓存
		new FrontCacheService().clearCache();
		// 清除前台图片缓存
		new FrontImageService().clearCache();
		// 清除前台视频缓存
		new FrontVideoService().clearCache();

		json.put("status", 1);// 成功
		renderJson(json.toJSONString());
	}
相关推荐
kyle~2 小时前
操作系统---指令/调用体系(特权、访管/陷入、系统调用)
linux·操作系统
武藤一雄2 小时前
C# 中精准锁定类型信息指南:typeof vs GetType()
开发语言·windows·c#·.net·.netcore
m0_738120722 小时前
渗透测试——Ripper靶机详细横向渗透过程(rips扫描文件,水平横向越权,Webmin直接获取root权限)
linux·网络·数据库·安全·web安全·php
竹之却2 小时前
【Linux】Linux 中 .service 文件核心介绍
linux·运维·服务器·systemd·.service 文件
小江的记录本2 小时前
【端口号】计算机领域常见端口号汇总(完整版)
java·前端·windows·spring boot·后端·sql·spring
阿昭L2 小时前
浅析64位Windows的SEH机制
windows·逆向工程·seh
YoungHong19922 小时前
【图文】Codex接入Kimi K2/GLM-5.1 环境配置指南 (Windows/macOS/Ubuntu)
windows·ubuntu·macos
色空大师2 小时前
网站搭建实操(二)后台管理(1)登录
java·linux·数据库·搭建网站·论坛
朱一头zcy2 小时前
在CentOS7环境下安装MySQL详细步骤
linux·mysql
热门推荐
012026年3月AI领域大事件:DeepSeek引领开源风暴02GitHub 镜像站点03围棋-html版本04纯 HTML/CSS/JS 实现的高颜值登录页,还会眨眼睛!少女心爆棚!05班级宠物园部署指南06小黑课堂计算机二级WPSoffice题库软件下载安装教程(2026年3月最新版)07“wsl --install -d Ubuntu-22.04”下载慢,中国地区离线安装 Ubuntu 22.04 WSL方法(亲测2025年5月6日)08中国象棋-html版本09OpenClaw 使用和管理 MCP 完全指南10UV安装并设置国内源