Skip to content

F
finance-manage
Commit 52d48fa6 authored by RuoYi's avatar RuoYi
Browse files
Options

检查字符支持小数点&降级改成异常提醒

parent df3ef54b
Hide whitespace changes
Inline Side-by-side
Showing with 4 additions and 3 deletions
ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java
View file @ 52d48fa6
package com.ruoyi.common.utils.sql; package com.ruoyi.common.utils.sql;
import com.ruoyi.common.exception.BaseException;
import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.StringUtils;
/** /**
...@@ -10,9 +11,9 @@ import com.ruoyi.common.utils.StringUtils; ...@@ -10,9 +11,9 @@ import com.ruoyi.common.utils.StringUtils;
public class SqlUtil public class SqlUtil
{ {
/** /**
* 仅支持字母、数字、下划线、空格、逗号(支持多个字段排序) * 仅支持字母、数字、下划线、空格、逗号、小数点(支持多个字段排序)
*/ */
public static String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,]+"; public static String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,\\.]+";
/** /**
* 检查字符,防止注入绕过 * 检查字符,防止注入绕过
...@@ -21,7 +22,7 @@ public class SqlUtil ...@@ -21,7 +22,7 @@ public class SqlUtil
{ {
if (StringUtils.isNotEmpty(value) && !isValidOrderBySql(value)) if (StringUtils.isNotEmpty(value) && !isValidOrderBySql(value))
{ {
return StringUtils.EMPTY; throw new BaseException("参数不符合规范,不能进行查询");
} }
return value; return value;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment