Merge pull request #733 from dataease/pr@v1.2@fix_sql_injection_error

fix: 完善sql注入拦截器

backend/src/main/java/io/dataease/commons/wrapper/XssAndSqlHttpServletRequestWrapper.java

@@ -235,7 +235,7 @@ public class XssAndSqlHttpServletRequestWrapper extends HttpServletRequestWrappe
             if (Arrays.stream(whiteLists.split(",")).anyMatch(item -> url.indexOf(item) != -1)) return false;
         }
         Pattern pattern= Pattern.compile("(.*\\=.*\\-\\-.*)|(.*(\\+).*)|(.*\\w+(%|\\$|#|&)\\w+.*)|(.*\\|\\|.*)|(.*\\s+(and|or)\\s+.*)" +
-                "|(.*\\b(select|update|union|and|or|delete|insert|trancate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute)\\b.*)");
+                "|(.*\\b(select|update|union|and|or|delete|insert|trancate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute|sleep|extractvalue|updatexml|substring|database|concat|rand)\\b.*)");
         Matcher matcher=pattern.matcher(orders.toLowerCase());
         return matcher.find();
     }