From 4dc4e87900259364a87c06966e2723e10d360277 Mon Sep 17 00:00:00 2001
From: JEECG <445654970@qq.com>
Date: Sat, 20 Apr 2024 18:34:52 +0800
Subject: [PATCH] =?UTF-8?q?=E8=A7=A3=E5=86=B3SQL=E6=B3=A8=E5=85=A5?= =?UTF-8?q?=E6=A3=80=E6=B5=8B=E9=80=BB=E8=BE=91=E5=BD=B1=E5=93=8D=E4=B8=9A?= =?UTF-8?q?=E5=8A=A1=20#6105?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../modules/system/service/impl/SysDictServiceImpl.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysDictServiceImpl.java b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysDictServiceImpl.java
index db94bd7f..010bcd7d 100644
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysDictServiceImpl.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysDictServiceImpl.java
@@ -84,7 +84,8 @@ public class SysDictServiceImpl extends ServiceImpl impl
 // 2.SQL注入check(只限制非法串改数据库)
 //关联表字典(举例:sys_user,realname,id)
- SqlInjectionUtil.filterContent(table, fieldName);
+ SqlInjectionUtil.filterContent(table);
+ SqlInjectionUtil.filterContent(fieldName);
 String checkSql = table + SymbolConstant.COMMA + fieldName + SymbolConstant.COMMA;
 // 【QQYUN-6533】表字典白名单check
@@ -268,7 +269,8 @@ public class SysDictServiceImpl extends ServiceImpl impl
 // 1.SQL注入校验(只限制非法串改数据库)
 SqlInjectionUtil.specialFilterContentForDictSql(table);
- SqlInjectionUtil.filterContent(text, code);
+ SqlInjectionUtil.filterContent(text);
+ SqlInjectionUtil.filterContent(code);
 SqlInjectionUtil.specialFilterContentForDictSql(filterSql);
 String str = table+","+text+","+code;
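Review bot: Nothing at the two added calls in the first hunk records why `table` and `fieldName` must be filtered one at a time, so a later cleanup could merge them back into `filterContent(table, fieldName)`. That two-argument form compiled before this change, which suggests an overload whose second parameter is not a value to validate; if so, `fieldName` was never checked on the old path. Once that is confirmed, I would add `// one value per call: the two-argument filterContent does not validate its second argument` above the pair, and the same above the `text`/`code` pair in the second hunk. Other callers that pass two values to `filterContent` are worth auditing for the same mistake; the enclosing method starts and ends outside the hunk.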
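Review bot: `text` and `code` in the second hunk are column identifiers, and the only validation visible before they are joined into `table+","+text+","+code` is keyword filtering, which is a denylist. Whether the dictionary whitelist check named in the first hunk's comment also runs on this path cannot be seen here, because the method continues outside the hunk. If it does not, I would apply that check here as well, or at least leave `// TODO: run the dict table whitelist check on table/text/code before any SQL is built` above the concatenation.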