修复 sql注入漏洞 #4393

zhangdaiscott
2022-12-23 14:03:22 +08:00
parent f94c5e1f3f
commit 0fc374de47
2 changed files with 8 additions and 6 deletions


@@ -1,6 +1,5 @@
package org.jeecg.modules.system.security;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.constant.SymbolConstant;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.common.util.security.AbstractQueryBlackListHandler;
@@ -52,7 +51,9 @@ public class DictQueryBlackListHandler extends AbstractQueryBlackListHandler {
*/
private String getTableName(String str) {
String[] arr = str.split("\\s+(?i)where\\s+");
return arr[0];
// sys_user , (sys_user), sys_user%20, %60sys_user%60 issues/4393
String reg = "\\s+|\\(|\\)|`";
return arr[0].replaceAll(reg, "");
}
}
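Review bot: Stripping a fixed set of characters in `getTableName` keeps the blacklist dependent on enumerating every wrapper variant, because any character not listed in `reg` still produces a string that will not equal a blacklisted table name. It would be stricter to validate the stripped result against an identifier allowlist, for example `if (!name.matches("[A-Za-z0-9_]+"))`, and have the caller treat a non-match as forbidden; how rejection is signalled depends on code outside this hunk. The new comment lists `sys_user%20` and `%60sys_user%60`, but `reg` matches only the decoded characters, so this presumably relies on the value being URL-decoded before it reaches this method, which is worth confirming and stating in the comment. As a smaller point, `reg` could be a `private static final Pattern` instead of being recompiled on every call.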