试题导入时分类漏洞

2020-11-17 11:13:55 +08:00 · 2020-11-17 11:13:55 +08:00 · 24bc4dfc6b
parent 8e4d807398
commit 24bc4dfc6b
2 changed files with 9 additions and 3 deletions
--- a/safesite/daoru.py
+++ b/safesite/daoru.py
@ -95,7 +95,7 @@ def drquestions(companyid,path,userid):
                cateobj = Questioncat.objects.create(usecomp=Partment.objects.get(partid=companyid),name=cate)
        if type == '单选':
            if Question.objects.filter(type=1,title=title,right=right,deletemark=1,usecomps = ','+companyid+',').exists():
-                Question.objects.filter(type=1,title=title,right=right,deletemark=1,usecomps = ','+companyid+',').update(nousecomps='')
+                Question.objects.filter(type=1,title=title,right=right,deletemark=1,usecomps = ','+companyid+',').update(nousecomps='', questioncat=cateobj)
            else:
                if right in ['A','B','C','D','E','F']:        
                    obj = Question()
@ -115,7 +115,7 @@ def drquestions(companyid,path,userid):
        elif type == '多选':
            right = list(right)
            if Question.objects.filter(type=2,title=title,right=right,deletemark=1,usecomps = ','+companyid+',').exists():
-                Question.objects.filter(type=2,title=title,right=right,deletemark=1,usecomps = ','+companyid+',').update(nousecomps='')
+                Question.objects.filter(type=2,title=title,right=right,deletemark=1,usecomps = ','+companyid+',').update(nousecomps='', questioncat=cateobj)
            else:
                if [False for c in right if c not in qlist]:
                    pass
@ -140,7 +140,7 @@ def drquestions(companyid,path,userid):
            else:
                right = 'B'
            if Question.objects.filter(type=3,title=title,right=right,deletemark=1,usecomps = ','+companyid+',').exists():
-                Question.objects.filter(type=3,title=title,right=right,deletemark=1,usecomps = ','+companyid+',').update(nousecomps='')
+                Question.objects.filter(type=3,title=title,right=right,deletemark=1,usecomps = ','+companyid+',').update(nousecomps='', questioncat=cateobj)
            else:
                obj = Question()
                obj.type = 3
--- a/safesite/views.py
+++ b/safesite/views.py
@ -5038,6 +5038,12 @@ def apitool(req):
        # Userprofile.objects.filter(realname='null').update(realname='')
        # Userprofile.objects.filter(cardnum='null').update(cardnum='')
        return JsonResponse({"code":1})
+    elif a == 'correct_questioncat':
+        # print(Questioncat.objects.filter(usecomp__partid=2184).delete())
+        print(Question.objects.filter(questioncat__name='冬季四防安全生产知识').count())
+        # Questioncat.objects.filter(usecomp__partname='广安厂').update(parent=None, link=',', deletemark=1)
+        # print(Questioncat.objects.filter(name='冬季四防安全生产知识').values('usecomp__partname'))
+        return JsonResponse({"code":1})