center/dataease-dm
center/dataease-dm
13
0
Fork 0
forked from github/dataease
Code Pull Requests Activity

fix: sql注入给出提示

Browse Source
This commit is contained in:
fit2cloud-chenyw 2022-06-08 12:52:41 +08:00
parent aae1fef98b
commit 59e7b9172b
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
backend/src/main/java/io/dataease/commons/filter/SqlFilter.java
View File

@ -1,5 +1,6 @@
package io.dataease.commons.filter; package io.dataease.commons.filter;
import io.dataease.commons.exception.DEException;
import io.dataease.commons.holder.ThreadLocalContextHolder; import io.dataease.commons.holder.ThreadLocalContextHolder;
import io.dataease.commons.wrapper.XssAndSqlHttpServletRequestWrapper; import io.dataease.commons.wrapper.XssAndSqlHttpServletRequestWrapper;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
@ -42,9 +43,10 @@ public class SqlFilter implements Filter {
if (xssRequest.checkXSSAndSql(param)) { if (xssRequest.checkXSSAndSql(param)) {
response.setCharacterEncoding("UTF-8"); response.setCharacterEncoding("UTF-8");
response.setContentType("application/json;charset=UTF-8"); response.setContentType("application/json;charset=UTF-8");
PrintWriter out = response.getWriter(); // PrintWriter out = response.getWriter();
String msg = ThreadLocalContextHolder.getData().toString(); String msg = ThreadLocalContextHolder.getData().toString();
out.write(msg); // out.write(msg);
DEException.throwException(msg);
return; return;
} }
} }
@ -52,9 +54,10 @@ public class SqlFilter implements Filter {
if (xssRequest.checkParameter()) { if (xssRequest.checkParameter()) {
response.setCharacterEncoding("UTF-8"); response.setCharacterEncoding("UTF-8");
response.setContentType("application/json;charset=UTF-8"); response.setContentType("application/json;charset=UTF-8");
PrintWriter out = response.getWriter(); // PrintWriter out = response.getWriter();
String msg = ThreadLocalContextHolder.getData().toString(); String msg = ThreadLocalContextHolder.getData().toString();
out.write(msg); // out.write(msg);
DEException.throwException(msg);
return; return;
} }
chain.doFilter(xssRequest, response); chain.doFilter(xssRequest, response);