[FIX-3573][DAO] potential horizontal unauthorized access (#3880)

* fix bug[#3573] potential horizontal unauthorized access * fix bug[#3573] potential horizontal unauthorized access Co-authored-by: baoliang <baoliang@analysys.com.cn>
4 years ago · 9de7d3c772
1 changed files with 1 additions and 2 deletions
--- a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ProcessInstanceMapper.xml
+++ b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ProcessInstanceMapper.xml
@ -167,7 +167,7 @@
    <select id="queryLastRunningProcess" resultType="org.apache.dolphinscheduler.dao.entity.ProcessInstance">
        select *
        from t_ds_process_instance
-        where 1=1
+        where process_definition_id=#{processDefinitionId}
        <if test="states !=null and states.length != 0">
            and state in
            <foreach collection="states" item="i" index="index" open="(" separator="," close=")">
@ -175,7 +175,6 @@
            </foreach>
        </if>
        <if test="startTime!=null and endTime != null ">
-            and process_definition_id=#{processDefinitionId}
            and (schedule_time <![CDATA[ >= ]]> #{startTime} and schedule_time <![CDATA[ <= ]]> #{endTime}
                  or start_time <![CDATA[ >= ]]> #{startTime} and start_time <![CDATA[ <= ]]> #{endTime})
        </if>