diff --git a/app/Http/Controllers/Mobile/CourseController.php b/app/Http/Controllers/Mobile/CourseController.php index 798be57..f872de5 100755 --- a/app/Http/Controllers/Mobile/CourseController.php +++ b/app/Http/Controllers/Mobile/CourseController.php @@ -9,6 +9,7 @@ use App\Helpers\ResponseCode; use App\Models\AccompanyOrder; use App\Models\AppointmentTotalLog; use App\Models\Calendar; +use App\Models\Company; use App\Models\Config; use App\Models\Course; use App\Models\CourseAppointmentTotal; @@ -124,10 +125,10 @@ class CourseController extends CommonController ]); } ])->withCount([ - 'courseSigns as my_user' => function ($query) { - $query->where('user_id', $this->getUserId()); - } - ])->find($all['course_id']); + 'courseSigns as my_user' => function ($query) { + $query->where('user_id', $this->getUserId()); + } + ])->find($all['course_id']); return $this->success($detail); } @@ -266,6 +267,17 @@ class CourseController extends CommonController return $this->fail([ResponseCode::ERROR_PARAMETER, '以下字段为必填项:' . implode('、', $missingFields)]); } } + // 检测 company_name 字段是否包含特殊符号 + if (isset($all['data']) && is_array($all['data'])) { + foreach ($all['data'] as $item) { + if (isset($item['field']) && $item['field'] === 'company_name' && !empty($item['value'])) { + $validation = Company::validateCompanyName($item['value']); + if (!$validation['valid']) { + return $this->fail([ResponseCode::ERROR_BUSINESS, $validation['message']]); + } + } + } + } $result = CourseSign::create([ 'is_change' => $all['is_change'] ?? 0, 'course_id' => $all['course_id'], 
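Review bot: In the new `data[]` loop the value handed to `Company::validateCompanyName()` is only checked with `!empty()`, not for type; `data` comes straight from the request, so a client can send `value` as an array, and the validator's `strpos()` then throws a `TypeError` on PHP 8 (PHP 7 only warns), turning a bad-input case into a 500 instead of the `ERROR_BUSINESS` response the hunk intends. Add a type guard before the call, e.g. `if (!is_string($item['value'])) { return $this->fail([ResponseCode::ERROR_PARAMETER, '公司名称格式不正确']); }`. The match is exact on `$item['field'] === 'company_name'`, so the rule applies only when the client labels the field that way — acceptable if the field names are fixed server-side, but worth confirming since the check is the only thing between the value and `CourseSign::create`. The enclosing method starts before this hunk and continues past the `CourseSign::create([` call.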
@@ -803,54 +815,54 @@ class CourseController extends CommonController $query->where('status', 1); } })->with([ - 'courseSigns' => function ($query) use ($all) { - $query->where('status', 1)->whereHas('course', function ($q) { - $q->where('is_fee', 1); - })->with('course.teacher', 'course.typeDetail') - ->orderByRaw("FIELD(fee_status, 1, 0, 2,3)"); - if (isset($all['course_id'])) { - $query->where('course_id', $all['course_id']); - } - } - ])->where(function ($query) use ($all) { - if ($all['type'] == 1) { - $query->where('is_schoolmate', 1); - } - if (isset($all['name'])) { - $query->where('name', 'like', '%' . $all['name'] . '%'); - } - if (isset($all['company_business'])) { - $query->where('company_business', 'like', '%' . $all['company_business'] . '%'); - } - if (isset($all['company_name'])) { - $query->where('company_name', 'like', '%' . $all['company_name'] . '%'); - } - if (isset($all['company_position'])) { - $query->where('company_position', $all['company_position']); - } - if (isset($all['company_area'])) { - $query->where('company_area', 'like', '%' . $all['company_area'] . 
'%'); - } - if (isset($all['company_type'])) { - $company_type = explode(',', $all['company_type']); - $query->where(function ($q) use ($company_type) { - foreach ($company_type as $v) { - $q->orWhereRaw('FIND_IN_SET(?, company_type)', [$v]); + 'courseSigns' => function ($query) use ($all) { + $query->where('status', 1)->whereHas('course', function ($q) { + $q->where('is_fee', 1); + })->with('course.teacher', 'course.typeDetail') + ->orderByRaw("FIELD(fee_status, 1, 0, 2,3)"); + if (isset($all['course_id'])) { + $query->where('course_id', $all['course_id']); + } } - }); - } - if (isset($all['company_industry'])) { - $company_industry = explode(',', $all['company_industry']); - $query->where(function ($q) use ($company_industry) { - foreach ($company_industry as $v) { - $q->orWhereRaw('FIND_IN_SET(?, company_industry)', [$v]); + ])->where(function ($query) use ($all) { + if ($all['type'] == 1) { + $query->where('is_schoolmate', 1); + } + if (isset($all['name'])) { + $query->where('name', 'like', '%' . $all['name'] . '%'); + } + if (isset($all['company_business'])) { + $query->where('company_business', 'like', '%' . $all['company_business'] . '%'); + } + if (isset($all['company_name'])) { + $query->where('company_name', 'like', '%' . $all['company_name'] . '%'); + } + if (isset($all['company_position'])) { + $query->where('company_position', $all['company_position']); + } + if (isset($all['company_area'])) { + $query->where('company_area', 'like', '%' . $all['company_area'] . 
'%'); + } + if (isset($all['company_type'])) { + $company_type = explode(',', $all['company_type']); + $query->where(function ($q) use ($company_type) { + foreach ($company_type as $v) { + $q->orWhereRaw('FIND_IN_SET(?, company_type)', [$v]); + } + }); + } + if (isset($all['company_industry'])) { + $company_industry = explode(',', $all['company_industry']); + $query->where(function ($q) use ($company_industry) { + foreach ($company_industry as $v) { + $q->orWhereRaw('FIND_IN_SET(?, company_industry)', [$v]); + } + }); + } + if (isset($all['letter'])) { + $query->where('letter', $all['letter']); } }); - } - if (isset($all['letter'])) { - $query->where('letter', $all['letter']); - } - }); if (isset($all['type']) && $all['type'] == 2) { $list = $list->orderBy('letter')->paginate(10); } else { diff --git a/app/Http/Controllers/Mobile/UserController.php b/app/Http/Controllers/Mobile/UserController.php index 9250802..31a19b0 100755 --- a/app/Http/Controllers/Mobile/UserController.php +++ b/app/Http/Controllers/Mobile/UserController.php @@ -10,6 +10,7 @@ use App\Helpers\StarterResponseCode; use App\Jobs\SendAppointCar; use App\Jobs\SendCourseCar; use App\Models\Appointment; +use App\Models\Company; use App\Models\Config; use App\Models\CourseContentCheck; use App\Models\CourseSign; @@ -181,6 +182,13 @@ class UserController extends CommonController if (isset($all['name']) && !empty($all['name'])) { $all['letter'] = strtoupper(Pinyin::abbr(mb_substr($all['name'], 0, 1))[0]); } + // 如果上传了company_name,检测是否包含特殊符号 + if (isset($all['company_name']) && !empty($all['company_name'])) { + $validation = Company::validateCompanyName($all['company_name']); + if (!$validation['valid']) { + return $this->fail([ResponseCode::ERROR_BUSINESS, $validation['message']]); + } + } $model->fill($all); $model->save(); // 如果有公司信息,就更新一下公司 
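Review bot: The company_name check is added inline in this update handler (and separately in CourseController), immediately before `$model->fill($all)`, so it protects only these two entry points; the trailing comment says company data is pushed on to a Company record afterwards, and any other write path to that field stays unvalidated. Consider enforcing the rule once where the value is stored — a `setCompanyNameAttribute` mutator or a FormRequest rule — and keeping these controller calls as thin wrappers. As written the guard also assumes `$all['company_name']` is a string: an array passes `!empty()` and the validator's `strpos()` then throws a `TypeError` on PHP 8, so precede it with `if (isset($all['company_name']) && !is_string($all['company_name'])) { return $this->fail([ResponseCode::ERROR_PARAMETER, '公司名称格式不正确']); }`. The enclosing method begins before the hunk and continues after `$model->save()`.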
@@ -232,10 +240,10 @@ class UserController extends CommonController { $user = User::with('appointments') ->withCount([ - 'appointments as pass_appointments' => function ($query) { - $query->whereIn('status', [0, 1]); - } - ])->with([ + 'appointments as pass_appointments' => function ($query) { + $query->whereIn('status', [0, 1]); + } + ])->with([ 'courseSigns' => function ($query) { $query->whereHas('course')->with('course.typeDetail')->where('status', 1)->where('fee_status', 1); } diff --git a/app/Models/Company.php b/app/Models/Company.php index afaa617..b102b44 100644 --- a/app/Models/Company.php +++ b/app/Models/Company.php @@ -331,4 +331,92 @@ class Company extends SoftDeletesModel return false; } + /** + * 验证公司名称是否包含特殊符号 + * @param string $companyName 公司名称 + * @return array 返回结果 ['valid' => bool, 'message' => string] + */ + public static function validateCompanyName($companyName) + { + if (empty($companyName)) { + return ['valid' => true, 'message' => '']; + } + + // 定义不允许的特殊符号(包含中英文标点符号,键盘上能打出来的所有标点符号) + $forbiddenChars = [ + // 英文标点符号 + '/', + '\\', + '.', + ',', + ';', + ':', + "'", + '"', + '?', + '!', + '@', + '#', + '$', + '%', + '^', + '&', + '*', + '(', + ')', + '[', + ']', + '{', + '}', + '|', + '`', + '~', + '-', + '_', + '+', + '=', + '<', + '>', + // 中文标点符号 + '。', + ',', + '、', + ';', + ':', + '?', + '!', + '…', + '—', + '·', + '~', + '¥', + '(', + ')', + '【', + '】', + '《', + '》', + '〈', + '〉', + '「', + '」', + '『', + '』', + '〔', + '〕', + ]; + + // 添加中文引号字符(使用十六进制编码避免语法错误) + $chineseQuotes = ["\xE2\x80\x9C", "\xE2\x80\x9D", "\xE2\x80\x98", "\xE2\x80\x99"]; // " " ' ' + $forbiddenChars = array_merge($forbiddenChars, $chineseQuotes); + + foreach ($forbiddenChars as $char) { + if (strpos($companyName, $char) !== false) { + return ['valid' => false, 'message' => '公司名称不能包含特殊符号']; + } + } + + return ['valid' => true, 'message' => '']; + } + }
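Review bot: The deny-list in `validateCompanyName()` is open-ended — it does not cover most fullwidth ASCII punctuation (U+FF01–U+FF5E, beyond the few listed), control characters, newlines, zero-width characters or emoji, and every new symbol has to be added by hand, so a value a user would call a "special symbol" can still pass. If the intent is really "letters, digits and spaces", an allow-list is shorter and closed: replace the array and loop with `if (preg_match('/^[\p{L}\p{N}\p{Zs}]+$/u', $companyName) !== 1) { return ['valid' => false, 'message' => '公司名称不能包含特殊符号']; }`, which also rejects malformed UTF-8 (`preg_match` returns false under `u`). Whatever the rule, type the parameter as `string` or keep an explicit `!is_string()` guard — both callers in this commit pass raw request values, and `strpos()` on a non-string throws on PHP 8. The byte-wise `strpos` is otherwise fine here since each needle is a complete UTF-8 sequence; note this is an input-format rule, not an injection defence — the searches in the other hunks already bind their parameters, and output escaping still belongs at the view.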