【漏洞修复】由于自增id可猜测，需避免别有用心之人删除别人的购物车 update /yudao/module/trade/service/cart/CartServiceImpl.java.

Signed-off-by: 山野羡民 <liyujiang_tk@yeah.net>
10 months ago · fb436ac189
parent 9faee918f9
commit fb436ac189
1 changed files with 1 additions and 1 deletions
--- a/yudao-module-mall/yudao-module-trade-biz/src/main/java/cn/iocoder/yudao/module/trade/service/cart/CartServiceImpl.java
+++ b/yudao-module-mall/yudao-module-trade-biz/src/main/java/cn/iocoder/yudao/module/trade/service/cart/CartServiceImpl.java
@ -121,7 +121,7 @@ public class CartServiceImpl implements CartService {
        }

        // 批量标记删除
-        cartMapper.deleteBatchIds(ids);
+        cartMapper.deleteByIds(carts.stream().map(CartDO::getId).toList());
    }

    @Override