center/dataease-dm
center/dataease-dm
13
0
Fork 0
forked from github/dataease
Code Pull Requests Activity

fix: sql注入给出提示

Browse Source
This commit is contained in:
fit2cloud-chenyw 2022-06-08 12:52:41 +08:00
parent aae1fef98b
commit 59e7b9172b
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
backend/src/main/java/io/dataease/commons/filter/SqlFilter.java
View File

@ -1,5 +1,6 @@
package io.dataease.commons.filter;
import io.dataease.commons.exception.DEException;
import io.dataease.commons.holder.ThreadLocalContextHolder;
import io.dataease.commons.wrapper.XssAndSqlHttpServletRequestWrapper;
import org.apache.commons.lang3.StringUtils;
@ -42,9 +43,10 @@ public class SqlFilter implements Filter {
if (xssRequest.checkXSSAndSql(param)) {
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json;charset=UTF-8");
PrintWriter out = response.getWriter();
// PrintWriter out = response.getWriter();
String msg = ThreadLocalContextHolder.getData().toString();
out.write(msg);
// out.write(msg);
DEException.throwException(msg);
return;
}
}
@ -52,9 +54,10 @@ public class SqlFilter implements Filter {
if (xssRequest.checkParameter()) {
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json;charset=UTF-8");
PrintWriter out = response.getWriter();
// PrintWriter out = response.getWriter();
String msg = ThreadLocalContextHolder.getData().toString();
out.write(msg);
// out.write(msg);
DEException.throwException(msg);
return;
}
chain.doFilter(xssRequest, response);