重复check接口，sql注入检查

4f61f0ad · JEECG低代码平台 · 4a5ff61e · 4f61f0ad
隐藏空白更改
内联并排

Showing with 10 addition and 6 deletion

jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java ...g/modules/system/controller/DuplicateCheckController.java +10 -6

未找到文件。
--- a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
+++ b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
 package org.jeecg.modules.system.controller;

-import javax.servlet.http.HttpServletRequest;
-
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang.StringUtils;
 import org.jeecg.common.api.vo.Result;
+import org.jeecg.common.util.SqlInjectionUtil;
 import org.jeecg.modules.system.mapper.SysDictMapper;
 import org.jeecg.modules.system.model.DuplicateCheckVo;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -11,9 +13,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;

-import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiOperation;
-import lombok.extern.slf4j.Slf4j;
+import javax.servlet.http.HttpServletRequest;

 /**
 * @Title: DuplicateCheckAction
@@ -29,7 +29,7 @@ import lombok.extern.slf4j.Slf4j;
 public class DuplicateCheckController {

 	@Autowired
-	SysDictMapper sysDictMapper;
+    SysDictMapper sysDictMapper;

 	/**
 	 * 校验数据是否在系统中是否存在
@@ -42,6 +42,10 @@ public class DuplicateCheckController {
 		Long num = null;

 		log.info("----duplicate check------："+ duplicateCheckVo.toString());
+		//关联表字典（举例：sys_user,realname,id）
+		//SQL注入校验（只限制非法串改数据库）
+		final String[] sqlInjCheck = {duplicateCheckVo.getTableName(),duplicateCheckVo.getFieldName()};
+		SqlInjectionUtil.filterContent(sqlInjCheck);
 		if (StringUtils.isNotBlank(duplicateCheckVo.getDataId())) {
 			// [2].编辑页面校验
 			num = sysDictMapper.duplicateCheckCountSql(duplicateCheckVo);