From 4f61f0ad48232ed7929b663d8b2e37283afc59c5 Mon Sep 17 00:00:00 2001
From: zhangdaiscott
Date: Mon, 1 Feb 2021 20:33:10 +0800
Subject: [PATCH] =?UTF-8?q?=E9=87=8D=E5=A4=8Dcheck=E6=8E=A5=E5=8F=A3?= =?UTF-8?q?=EF=BC=8Csql=E6=B3=A8=E5=85=A5=E6=A3=80=E6=9F=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../controller/DuplicateCheckController.java | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
index d5f6253e..e9915f5d 100644
--- a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
+++ b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
@@ -1,9 +1,11 @@
 package org.jeecg.modules.system.controller;
-import javax.servlet.http.HttpServletRequest;
-
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang.StringUtils;
 import org.jeecg.common.api.vo.Result;
+import org.jeecg.common.util.SqlInjectionUtil;
 import org.jeecg.modules.system.mapper.SysDictMapper;
 import org.jeecg.modules.system.model.DuplicateCheckVo;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -11,9 +13,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
-import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiOperation;
-import lombok.extern.slf4j.Slf4j;
+import javax.servlet.http.HttpServletRequest;
 /**
  * @Title: DuplicateCheckAction
@@ -29,7 +29,7 @@ import lombok.extern.slf4j.Slf4j;
 public class DuplicateCheckController {
 @Autowired
- SysDictMapper sysDictMapper;
+ SysDictMapper sysDictMapper;
 /**
  * 校验数据是否在系统中是否存在
@@ -42,6 +42,10 @@ public class DuplicateCheckController {
 Long num = null;
 log.info("----duplicate check------:"+ duplicateCheckVo.toString());
+ //关联表字典(举例:sys_user,realname,id)
+ //SQL注入校验(只限制非法串改数据库)
+ final String[] sqlInjCheck = {duplicateCheckVo.getTableName(),duplicateCheckVo.getFieldName()};
+ SqlInjectionUtil.filterContent(sqlInjCheck);
 if (StringUtils.isNotBlank(duplicateCheckVo.getDataId())) {
 // [2].编辑页面校验
 num = sysDictMapper.duplicateCheckCountSql(duplicateCheckVo);
--
GitLab
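Review bot: The result of the new `SqlInjectionUtil.filterContent(sqlInjCheck)` call is discarded, so the guard only works if that utility signals a hit by throwing; if it reports by return value instead, tableName and fieldName still reach `sysDictMapper.duplicateCheckCountSql(duplicateCheckVo)` unchecked, and a comment such as `// filterContent throws on a suspicious value; the mapper call below is never reached in that case` would pin the assumption the code relies on. Since the two fields are apparently used as SQL identifiers rather than bound values, a positive check is stricter and cheaper than a keyword filter: after a null check, reject anything that fails `getTableName().matches("[A-Za-z_][A-Za-z0-9_]*")` and the same for `getFieldName()`, and return an error result, or better, compare against an allowlist of tables this endpoint is meant to check. The enclosing method starts and ends outside this hunk, so the place where a rejected request would be answered is not visible here.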