center/dataease-dm
center/dataease-dm
13
0
Fork 0
forked from github/dataease
Code Pull Requests Activity

Merge pull request #3973 from dataease/pr@dev@fix_dataset

Browse Source 
Pr@dev@fix dataset
This commit is contained in:
taojinlong 2022-11-30 18:40:45 +08:00 committed by GitHub
commit 6d55ea4e0c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 38 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
backend/src/main/java/io/dataease/commons/filter/SqlFilter.java
View File

@ -12,10 +12,13 @@ import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.*;
import java.util.ArrayList;
import java.util.List;
public class SqlFilter implements Filter {
private List<String> excludedUris = new ArrayList<>();
@Override
public void destroy() {
@ -34,38 +37,43 @@ public class SqlFilter implements Filter {
return;
}
String method = "GET";
String param;
XssAndSqlHttpServletRequestWrapper xssRequest = null;
if (request instanceof HttpServletRequest) {
method = ((HttpServletRequest) request).getMethod();
xssRequest = new XssAndSqlHttpServletRequestWrapper((HttpServletRequest) request);
}
if ("POST".equalsIgnoreCase(method)) {
param = this.getBodyString(xssRequest.getReader());
if (StringUtils.isNotBlank(param)) {
if (xssRequest.checkXSSAndSql(param)) {
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json;charset=UTF-8");
String msg = ThreadLocalContextHolder.getData().toString();
DEException.throwException(msg);
return;
if(excludedUris.contains(((HttpServletRequest) request).getRequestURI())){
chain.doFilter(request, response);
}else {
String method = "GET";
String param;
XssAndSqlHttpServletRequestWrapper xssRequest = null;
if (request instanceof HttpServletRequest) {
method = ((HttpServletRequest) request).getMethod();
xssRequest = new XssAndSqlHttpServletRequestWrapper((HttpServletRequest) request);
}
if ("POST".equalsIgnoreCase(method)) {
param = this.getBodyString(xssRequest.getReader());
if (StringUtils.isNotBlank(param)) {
if (xssRequest.checkXSSAndSql(param)) {
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json;charset=UTF-8");
String msg = ThreadLocalContextHolder.getData().toString();
DEException.throwException(msg);
return;
}
}
}
if (xssRequest.checkParameter()) {
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json;charset=UTF-8");
String msg = ThreadLocalContextHolder.getData().toString();
DEException.throwException(msg);
return;
}
chain.doFilter(xssRequest, response);
}
if (xssRequest.checkParameter()) {
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json;charset=UTF-8");
String msg = ThreadLocalContextHolder.getData().toString();
DEException.throwException(msg);
return;
}
chain.doFilter(xssRequest, response);
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
excludedUris.add("/dataset/table/excel/upload");
}
// 获取request请求body中参数

3
backend/src/main/java/io/dataease/provider/query/sqlserver/SqlserverQueryProvider.java
View File

@ -1338,8 +1338,9 @@ public class SqlserverQueryProvider extends QueryProvider {
public List<Dateformat> dateformat() {
return JSONArray.parseArray("[\n" +
"{\"dateformat\": \"102\", \"desc\": \"yyyy.mm.dd\"},\n" +
"{\"dateformat\": \"23\", \"desc\": \"yyyy-mm-dd\"},\n" +
"{\"dateformat\": \"120\", \"desc\": \"yyyy-mm-dd\"},\n" +
"{\"dateformat\": \"111\", \"desc\": \"yyyy/mm/dd\"},\n" +
"{\"dateformat\": \"112\", \"desc\": \"yyyymmdd\"},\n" +
"{\"dateformat\": \"120\", \"desc\": \"yyyy-mm-dd hh:mi:ss\"}\n" +
"]", Dateformat.class);
}

3
frontend/src/views/dataset/data/FieldEdit.vue
View File

@ -859,6 +859,9 @@ export default {
if (item.dateFormatType !== 'custom') {
item.dateFormat = item.dateFormatType
}
}else {
item.dateFormatType = ''
item.dateFormat = ''
}
if (item.dateFormatType === 'custom' && !item.dateFormat) {
return