github
/
jeecg-boot
mirror of https://github.com/jeecgboot/jeecg-boot
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

SQL注入 #5173

Browse Source
pull/5177/head
zhangdaiscott 1 year ago
parent e6e6902e85
commit 648e66d5ef
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File

5
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDictController.java
Unescape View File

@ -347,6 +347,11 @@ public class SysDictController {
// SQL注入漏洞 sign签名校验(表名,label字段,val字段,条件)
String dictCode = tbname+","+text+","+code+","+condition;
SqlInjectionUtil.filterContent(dictCode);
//update-begin-author:scott date:20230723 for:【issues/5173】SQL注入
if(!dictQueryBlackListHandler.isPass(dictCode)){
return result.error500(dictQueryBlackListHandler.getError());
}
//update-end-author:scott date:20230723 for:【issues/5173】SQL注入
List<TreeSelectModel> ls = sysDictService.queryTreeList(query,tbname, text, code, pidField, pid,hasChildField,converIsLeafVal);
result.setSuccess(true);
result.setResult(ls);

Write Preview
Loading…
Cancel
Save