提交 4f61f0ad 编写于 作者: JEECG低代码平台's avatar JEECG低代码平台

重复check接口,sql注入检查

上级 4a5ff61e
package org.jeecg.modules.system.controller;
import javax.servlet.http.HttpServletRequest;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.util.SqlInjectionUtil;
import org.jeecg.modules.system.mapper.SysDictMapper;
import org.jeecg.modules.system.model.DuplicateCheckVo;
import org.springframework.beans.factory.annotation.Autowired;
......@@ -11,9 +13,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
import javax.servlet.http.HttpServletRequest;
/**
* @Title: DuplicateCheckAction
......@@ -29,7 +29,7 @@ import lombok.extern.slf4j.Slf4j;
public class DuplicateCheckController {
@Autowired
SysDictMapper sysDictMapper;
SysDictMapper sysDictMapper;
/**
* 校验数据是否在系统中是否存在
......@@ -42,6 +42,10 @@ public class DuplicateCheckController {
Long num = null;
log.info("----duplicate check------:"+ duplicateCheckVo.toString());
//关联表字典(举例:sys_user,realname,id)
//SQL注入校验(只限制非法串改数据库)
final String[] sqlInjCheck = {duplicateCheckVo.getTableName(),duplicateCheckVo.getFieldName()};
SqlInjectionUtil.filterContent(sqlInjCheck);
if (StringUtils.isNotBlank(duplicateCheckVo.getDataId())) {
// [2].编辑页面校验
num = sysDictMapper.duplicateCheckCountSql(duplicateCheckVo);
......
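Review bot: The added `SqlInjectionUtil.filterContent(sqlInjCheck)` call only filters the content of `tableName` and `fieldName`, and its own comment says it is limited to blocking illegal modification of the database, so a caller can still point the count query at any table and column it chooses. These two values are identifiers and presumably cannot be bound as parameters in `duplicateCheckCountSql` (the mapper SQL is not visible here), so checking them against a fixed allowlist of table/field pairs that legitimately need duplicate checks would be stronger, with a shape check such as `tableName.matches("[A-Za-z0-9_]+")` as a minimum. The `log.info` line above the check writes the unvalidated request object to the log; moving it after validation would avoid logging rejected input verbatim. The method body starts and ends outside the hunk, so how `filterContent` reports a rejection, and whether `dataId` and the other fields of `duplicateCheckVo` are bound parameters, should be confirmed.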