瀏覽代碼

优化SQL关键字检查防止注入

RuoYi 2 年之前
父節點
當前提交
167970e5c4

+ 1 - 1
ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java

@@ -13,7 +13,7 @@ public class SqlUtil
     /**
      * 定义常用的 sql关键字
      */
-    public static String SQL_REGEX = "select |insert |delete |update |drop |count |exec |chr |mid |master |truncate |char |and |declare ";
+    public static String SQL_REGEX = "and |extractvalue|updatexml|exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |or |+|user()";
 
     /**
      * 仅支持字母、数字、下划线、空格、逗号、小数点(支持多个字段排序)

+ 1 - 1
ruoyi-generator/src/main/java/com/ruoyi/generator/controller/GenController.java

@@ -222,7 +222,7 @@ public class GenController extends BaseController
         catch (Exception e)
         {
             logger.error(e.getMessage(), e);
-            return AjaxResult.error("创建表结构异常[" + e.getMessage() + "]");
+            return AjaxResult.error("创建表结构异常");
         }
     }