update

3 months ago · 3c35914be0
parent 0f0c9e5e60
commit 3c35914be0
3 changed files with 161 additions and 53 deletions
--- a/app/Http/Controllers/Mobile/CourseController.php
+++ b/app/Http/Controllers/Mobile/CourseController.php
@ -9,6 +9,7 @@ use App\Helpers\ResponseCode;
 use App\Models\AccompanyOrder;
 use App\Models\AppointmentTotalLog;
 use App\Models\Calendar;
+use App\Models\Company;
 use App\Models\Config;
 use App\Models\Course;
 use App\Models\CourseAppointmentTotal;
@ -266,6 +267,17 @@ class CourseController extends CommonController
                return $this->fail([ResponseCode::ERROR_PARAMETER, '以下字段为必填项：' . implode('、', $missingFields)]);
            }
        }
+        // 检测 company_name 字段是否包含特殊符号
+        if (isset($all['data']) && is_array($all['data'])) {
+            foreach ($all['data'] as $item) {
+                if (isset($item['field']) && $item['field'] === 'company_name' && !empty($item['value'])) {
+                    $validation = Company::validateCompanyName($item['value']);
+                    if (!$validation['valid']) {
+                        return $this->fail([ResponseCode::ERROR_BUSINESS, $validation['message']]);
+                    }
+                }
+            }
+        }
        $result = CourseSign::create([
            'is_change' => $all['is_change'] ?? 0,
            'course_id' => $all['course_id'],
--- a/app/Http/Controllers/Mobile/UserController.php
+++ b/app/Http/Controllers/Mobile/UserController.php
@ -10,6 +10,7 @@ use App\Helpers\StarterResponseCode;
 use App\Jobs\SendAppointCar;
 use App\Jobs\SendCourseCar;
 use App\Models\Appointment;
+use App\Models\Company;
 use App\Models\Config;
 use App\Models\CourseContentCheck;
 use App\Models\CourseSign;
@ -181,6 +182,13 @@ class UserController extends CommonController
        if (isset($all['name']) && !empty($all['name'])) {
            $all['letter'] = strtoupper(Pinyin::abbr(mb_substr($all['name'], 0, 1))[0]);
        }
+        // 如果上传了company_name，检测是否包含特殊符号
+        if (isset($all['company_name']) && !empty($all['company_name'])) {
+            $validation = Company::validateCompanyName($all['company_name']);
+            if (!$validation['valid']) {
+                return $this->fail([ResponseCode::ERROR_BUSINESS, $validation['message']]);
+            }
+        }
        $model->fill($all);
        $model->save();
        // 如果有公司信息，就更新一下公司
--- a/app/Models/Company.php
+++ b/app/Models/Company.php
@ -331,4 +331,92 @@ class Company extends SoftDeletesModel
        return false;
    }

+    /**
+     * 验证公司名称是否包含特殊符号
+     * @param string $companyName 公司名称
+     * @return array 返回结果 ['valid' => bool, 'message' => string]
+     */
+    public static function validateCompanyName($companyName)
+    {
+        if (empty($companyName)) {
+            return ['valid' => true, 'message' => ''];
+        }
+
+        // 定义不允许的特殊符号（包含中英文标点符号，键盘上能打出来的所有标点符号）
+        $forbiddenChars = [
+            // 英文标点符号
+            '/',
+            '\\',
+            '.',
+            ',',
+            ';',
+            ':',
+            "'",
+            '"',
+            '?',
+            '!',
+            '@',
+            '#',
+            '$',
+            '%',
+            '^',
+            '&',
+            '*',
+            '(',
+            ')',
+            '[',
+            ']',
+            '{',
+            '}',
+            '|',
+            '`',
+            '~',
+            '-',
+            '_',
+            '+',
+            '=',
+            '<',
+            '>',
+            // 中文标点符号
+            '。',
+            '，',
+            '、',
+            '；',
+            '：',
+            '？',
+            '！',
+            '…',
+            '—',
+            '·',
+            '～',
+            '￥',
+            '（',
+            '）',
+            '【',
+            '】',
+            '《',
+            '》',
+            '〈',
+            '〉',
+            '「',
+            '」',
+            '『',
+            '』',
+            '〔',
+            '〕',
+        ];
+
+        // 添加中文引号字符（使用十六进制编码避免语法错误）
+        $chineseQuotes = ["\xE2\x80\x9C", "\xE2\x80\x9D", "\xE2\x80\x98", "\xE2\x80\x99"]; // " " ' '
+        $forbiddenChars = array_merge($forbiddenChars, $chineseQuotes);
+
+        foreach ($forbiddenChars as $char) {
+            if (strpos($companyName, $char) !== false) {
+                return ['valid' => false, 'message' => '公司名称不能包含特殊符号'];
+            }
+        }
+
+        return ['valid' => true, 'message' => ''];
+    }
+
 }