1、人员组织发送验证码无论用户是否存在都返回正常，不报用户不存在的错误；

2、修复数据中心查询语句sql注入问题

o2server/x_organization_assemble_authentication/src/main/java/com/x/organization/assemble/authentication/jaxrs/authentication/ActionCode.java

@@ -31,18 +31,18 @@ class ActionCode extends BaseAction {
 				throw new ExceptionDisableCollect();
 			}
 			Wo wo = new Wo();
+			wo.setValue(true);
+			result.setData(wo);
 			Business business = new Business(emc);
 			String id = business.person().getWithCredential(credential);
 			if (StringUtils.isEmpty(id)) {
-				throw new ExceptionPersonNotExist(credential);
+				return result;
 			}
 			Person o = emc.find(id, Person.class);
 			if (!Config.person().isMobile(o.getMobile())) {
 				throw new ExceptionInvalidMobile(o.getMobile());
 			}
 			business.instrument().code().create(o.getMobile());
-			wo.setValue(true);
-			result.setData(wo);
 			return result;
 		}
 	}

o2server/x_query_assemble_surface/src/main/java/com/x/query/assemble/surface/jaxrs/statement/ActionExecuteV2.java

@@ -3,6 +3,8 @@ package com.x.query.assemble.surface.jaxrs.statement;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Objects;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import javax.persistence.EntityManager;
 import javax.persistence.Parameter;
@@ -11,6 +13,7 @@ import javax.script.Bindings;
 import javax.script.CompiledScript;
 import javax.script.ScriptContext;
 
+import com.x.base.core.project.tools.StringTools;
 import org.apache.commons.collections4.list.TreeList;
 import org.apache.commons.lang3.StringUtils;
 
@@ -46,7 +49,7 @@ import com.x.query.core.express.statement.Runtime;
 class ActionExecuteV2 extends BaseAction {
 
 	private static final Logger LOGGER = LoggerFactory.getLogger(ActionExecuteV2.class);
-	
+
 	private static final String[] keys = { "group by", "GROUP BY", "order by", "ORDER BY", "limit", "LIMIT" };
 	private static final String[] pageKeys = { "GROUP BY", " COUNT(" };
 	private static final String JOIN_KEY = " JOIN ";
@@ -54,6 +57,8 @@ class ActionExecuteV2 extends BaseAction {
 	private static final String SQL_WHERE = "WHERE";
 	private static final String SQL_AND = "AND";
 	private static final String SQL_OR = "OR";
+	private static final Pattern SIMPLY_REGEX = Pattern
+			.compile("^[a-zA-Z0-9\\_\\-]*$");
 
 	ActionResult<Object> execute(EffectivePerson effectivePerson, String flag, String mode, Integer page, Integer size,
 			JsonElement jsonElement) throws Exception {
@@ -62,7 +67,7 @@ class ActionExecuteV2 extends BaseAction {
 				() -> page, () -> size);
 		ClassLoader classLoader = Business.getDynamicEntityClassLoader();
 		Thread.currentThread().setContextClassLoader(classLoader);
-		
+
 		Statement statement = null;
 		ActionResult<Object> result = new ActionResult<>();
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
@@ -317,9 +322,14 @@ class ActionExecuteV2 extends BaseAction {
 				if (size > 1) {
 					list.add("(");
 				}
+				int j = 0;
 				for (int i = 0; i < size; i++) {
 					FilterEntry filterEntry = wi.getFilterList().get(i);
-					if (i > 0) {
+					Matcher matcher = SIMPLY_REGEX.matcher(filterEntry.value);
+					if(!matcher.find()){
+						continue;
+					}
+					if (j++ > 0) {
 						String joinTag = filterEntry.logic;
 						if (StringUtils.isEmpty(joinTag) || !joinTag.equalsIgnoreCase(SQL_OR)) {
 							joinTag = SQL_AND;
@@ -330,6 +340,9 @@ class ActionExecuteV2 extends BaseAction {
 					list.add(Comparison.getMatchCom(filterEntry.comparison));
 					list.add(":" + filterEntry.value);
 				}
+				if(j == 0){
+					list.add("1=1");
+				}
 				if (size > 1) {
 					list.add(")");
 				}