From 05e9f8274ef11d960485eb95fb0ebe45fb78196f Mon Sep 17 00:00:00 2001
From: junjie
Date: Wed, 4 Aug 2021 16:43:00 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20sql=E6=B3=A8=E5=85=A5=E6=8E=92=E9=99=A4?= =?UTF-8?q?=E5=87=8F=E5=8F=B7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../commons/wrapper/XssAndSqlHttpServletRequestWrapper.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/src/main/java/io/dataease/commons/wrapper/XssAndSqlHttpServletRequestWrapper.java b/backend/src/main/java/io/dataease/commons/wrapper/XssAndSqlHttpServletRequestWrapper.java
index 34fff33383..5bff936f5d 100644
--- a/backend/src/main/java/io/dataease/commons/wrapper/XssAndSqlHttpServletRequestWrapper.java
+++ b/backend/src/main/java/io/dataease/commons/wrapper/XssAndSqlHttpServletRequestWrapper.java
@@ -215,7 +215,7 @@ public class XssAndSqlHttpServletRequestWrapper extends HttpServletRequestWrappe
 }
 
 public static boolean checkSqlInjection(Object obj){
- Pattern pattern= Pattern.compile("(.*\\=.*\\-\\-.*)|(.*(\\+|\\-).*)|(.*\\w+(%|\\$|#|&)\\w+.*)|(.*\\|\\|.*)|(.*\\s+(and|or)\\s+.*)" +
+ Pattern pattern= Pattern.compile("(.*\\=.*\\-\\-.*)|(.*(\\+).*)|(.*\\w+(%|\\$|#|&)\\w+.*)|(.*\\|\\|.*)|(.*\\s+(and|or)\\s+.*)" +
 "|(.*\\b(select|update|union|and|or|delete|insert|trancate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute)\\b.*)");
 Matcher matcher=pattern.matcher(obj.toString().toLowerCase());
 return matcher.find();
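Review bot: The `Pattern.compile(...)` on the `+` line is still executed on every call of `checkSqlInjection`, and each alternative is wrapped in leading and trailing `.*` even though the result is consumed with `find()`; on long non-matching request values those nested `.*` groups backtrack heavily, which matters for a filter that runs on untrusted input. Hoist the pattern to a `private static final Pattern` and drop the `.*` wrappers — `find()` already scans the whole string (and `.` still stops at newlines either way), so the set of flagged inputs is unchanged. On the following context line the keyword list spells `trancate`, so `truncate` is never matched, `into` appears twice, and the `\\s+(and|or)\\s+` alternative is subsumed by `\\b(and|or)\\b`. `toLowerCase()` without a locale is locale-sensitive; use `toLowerCase(Locale.ROOT)`, which needs a `java.util.Locale` import, and document on the field that this is a heuristic deny-list, e.g. `// Heuristic request-level deny-list; parameterized queries remain the primary SQL-injection control.`. The method's closing brace is outside the hunk.
```java
// Heuristic request-level deny-list; parameterized queries remain the primary SQL-injection control.
// find() scans the whole input, so leading/trailing ".*" wrappers add backtracking without widening the match.
private static final Pattern SQL_INJECTION_PATTERN = Pattern.compile(
        "(\\=.*\\-\\-)|(\\+)|(\\w+(%|\\$|#|&)\\w+)|(\\|\\|)|(\\s+(and|or)\\s+)"
        + "|(\\b(select|update|union|and|or|delete|insert|truncate|char|into|substr|ascii|declare|exec|count|master|drop|execute)\\b)");

public static boolean checkSqlInjection(Object obj) {
    return SQL_INJECTION_PATTERN.matcher(obj.toString().toLowerCase(Locale.ROOT)).find();
// … unchanged: closing brace outside the hunk …
```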