github
/
jeecg-boot
mirror of https://github.com/jeecgboot/jeecg-boot
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #5328 from EightMonth/master 

issue#5295 issue#5296 issue#5255
pull/5377/head
JEECG 2023-08-30 18:50:35 +08:00 committed by GitHub
parent f9982a9132 3478e8f7bc
commit 6e417a22ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java
View File

@ -33,7 +33,7 @@ public class SqlInjectionUtil {
/** /**
* sleep * sleep
*/ */
private final static Pattern FUN_SLEEP = Pattern.compile("sleep\\([\\d\\.]*\\)", Pattern.CASE_INSENSITIVE); private final static Pattern FUN_SLEEP = Pattern.compile("sleep\\(.*\\)", Pattern.CASE_INSENSITIVE);
/** /**
* sql * sql

4
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java
View File

@ -727,8 +727,8 @@ public class LoginController {
if(failTime!=null){ if(failTime!=null){
val = Integer.parseInt(failTime.toString()); val = Integer.parseInt(failTime.toString());
} }
// 1小时 // 10分钟
redisUtil.set(key, ++val, 3600); redisUtil.set(key, ++val, 600);
} }
} }

10
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/util/RandImageUtil.java
View File

@ -6,6 +6,8 @@ import java.awt.*;
import java.awt.image.BufferedImage; import java.awt.image.BufferedImage;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64; import java.util.Base64;
import java.util.Random; import java.util.Random;
@ -96,7 +98,13 @@ public class RandImageUtil {
// graphics.setColor(getRandColor(100, 200)); // ---2 // graphics.setColor(getRandColor(100, 200)); // ---2
graphics.drawRect(0, 0, WIDTH - 1, HEIGHT - 1); graphics.drawRect(0, 0, WIDTH - 1, HEIGHT - 1);
final Random random = new Random(); // SHA1PRNG是-种常用的随机数生成算法,处理弱随机数问题
SecureRandom random;
try {
random = SecureRandom.getInstance("SHA1PRNG");
} catch (NoSuchAlgorithmException e) {
random = new SecureRandom();
}
// 随机产生干扰线,使图象中的认证码不易被其它程序探测到 // 随机产生干扰线,使图象中的认证码不易被其它程序探测到
for (int i = 0; i < COUNT; i++) { for (int i = 0; i < COUNT; i++) {
// ---3 // ---3