github
/
jeecg-boot
mirror of https://github.com/jeecgboot/jeecg-boot
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

SQL注入 #5173

pull/5177/head
zhangdaiscott 2023-07-23 16:52:55 +08:00
parent e6e6902e85
commit 648e66d5ef
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDictController.java
View File

@ -347,6 +347,11 @@ public class SysDictController {
// SQL注入漏洞 sign签名校验(表名,label字段,val字段,条件) // SQL注入漏洞 sign签名校验(表名,label字段,val字段,条件)
String dictCode = tbname+","+text+","+code+","+condition; String dictCode = tbname+","+text+","+code+","+condition;
SqlInjectionUtil.filterContent(dictCode); SqlInjectionUtil.filterContent(dictCode);
//update-begin-author:scott date:20230723 for:【issues/5173】SQL注入
if(!dictQueryBlackListHandler.isPass(dictCode)){
return result.error500(dictQueryBlackListHandler.getError());
}
//update-end-author:scott date:20230723 for:【issues/5173】SQL注入
List<TreeSelectModel> ls = sysDictService.queryTreeList(query,tbname, text, code, pidField, pid,hasChildField,converIsLeafVal); List<TreeSelectModel> ls = sysDictService.queryTreeList(query,tbname, text, code, pidField, pid,hasChildField,converIsLeafVal);
result.setSuccess(true); result.setSuccess(true);
result.setResult(ls); result.setResult(ls);