hhyykk/RuoYi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

检查字符,防止注入绕过

Browse Source
This commit is contained in:
RuoYi
2019-02-28 13:03:02 +08:00
parent 9c50dd8c2d
commit 8a37d2ae24
3 changed files with 21 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ruoyi-framework/src/main/java/com/ruoyi/framework/web/base/BaseController.java
View File

@ -13,6 +13,7 @@ import com.ruoyi.common.page.TableDataInfo;
import com.ruoyi.common.page.TableSupport;
import com.ruoyi.common.utils.DateUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.sql.SqlUtil;
import com.ruoyi.framework.util.ShiroUtils;
import com.ruoyi.system.domain.SysUser;
@ -50,7 +51,7 @@ public class BaseController
Integer pageSize = pageDomain.getPageSize();
if (StringUtils.isNotNull(pageNum) && StringUtils.isNotNull(pageSize))
{
String orderBy = pageDomain.getOrderBy();
String orderBy = SqlUtil.escapeOrderBySql(pageDomain.getOrderBy());
PageHelper.startPage(pageNum, pageSize, orderBy);
}
}