From 3212423620a5da486af4b3d286b83f2cf8b7ab37 Mon Sep 17 00:00:00 2001 From: sgjj <995959152@qq.com> Date: Mon, 11 May 2020 16:19:16 +0800 Subject: [PATCH] =?UTF-8?q?=E9=98=B2sql=E6=B3=A8=E5=85=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../mingsoft/cms/action/web/MCmsAction.java | 21 ++++++++++++++++--- .../java/net/mingsoft/cms/dao/IContentDao.xml | 20 +++++++++--------- 2 files changed, 28 insertions(+), 13 deletions(-)
diff --git a/src/main/java/net/mingsoft/cms/action/web/MCmsAction.java b/src/main/java/net/mingsoft/cms/action/web/MCmsAction.java
index 59b9b283..5918610a 100644
--- a/src/main/java/net/mingsoft/cms/action/web/MCmsAction.java
+++ b/src/main/java/net/mingsoft/cms/action/web/MCmsAction.java
@@ -55,6 +55,8 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 /**
 * 动态生成页面,需要后台配置自定义页数据
@@ -378,8 +380,16 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 } catch (IOException e1) {
 e1.printStackTrace();
 }
+ Map searchMap = BasicUtil.assemblyRequestMap();
+ searchMap.forEach((k,v)->{
+ //sql注入过滤
+ if(sqlFilter(v.toString())){
+ searchMap.put(k,"");
+ }
+ });
+ //查询数量
- int count= contentBiz.getSearchCount(contentModel,fieldValueList,BasicUtil.assemblyRequestMap(),BasicUtil.getAppId(),categoryIds);
+ int count= contentBiz.getSearchCount(contentModel,fieldValueList,searchMap,BasicUtil.getAppId(),categoryIds);
 int total = PageUtil.totalPage(count, size);
 int pageNo = BasicUtil.getInt(ParserUtil.PAGE_NO, 1);
@@ -412,7 +422,6 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 page.setPreUrl(preUrl);
 page.setLastUrl(lastUrl);
 map.put(ParserUtil.URL, BasicUtil.getUrl());
- Map searchMap = BasicUtil.assemblyRequestMap();
 searchMap.put(ParserUtil.PAGE_NO, pageNo);
 map.put(SEARCH, searchMap);
 map.put(ParserUtil.PAGE, page);
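Review bot: `searchMap.forEach((k,v)->{ ... searchMap.put(k,""); })` mutates the map it is iterating and calls `v.toString()` on every value, so a null value throws NullPointerException, and a map type that counts `put` as a structural modification would throw ConcurrentModificationException (HashMap tolerates replacing an existing key's value, but the concrete type returned by `BasicUtil.assemblyRequestMap()` is not visible here). A null-safe single-pass form is `searchMap.replaceAll((k, v) -> v != null && sqlFilter(v.toString()) ? "" : v);`. Blanking a rejected value also silently widens the query: if the DAO's `<if>` guards treat an empty string as "no filter" (the guards themselves do not survive this rendering), a request carrying a rejected term gets the whole unfiltered listing rather than an error or zero rows, so consider rejecting the request instead. Since IContentDao.xml now binds these values with `#{}`, this blacklist is defense in depth rather than the primary control, and as written it will also drop legitimate search terms such as `master`, `count`, `or`, or any name containing an apostrophe. The enclosing method starts and ends outside the hunk.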
@@ -420,6 +429,7 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 map.put(ParserUtil.IS_DO,false);
 //设置动态请求的模块路径
 map.put(ParserUtil.MODEL_NAME, "mcms");
+ //解析后的内容
 String content = "";
 try {
@@ -437,6 +447,11 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 this.outString(response, content);
 }
+ public static boolean sqlFilter(String str){
+ Pattern pattern= Pattern.compile("\\b(and|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare|or)\\b|(\\*|;|\\+|'|%)");
+ Matcher matcher=pattern.matcher(str);
+ return matcher.find();
+ }
 private Map get(String key, List fields) {
 for (Map field : fields) {
@@ -472,4 +487,4 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
-}
\ No newline at end of file
+}
diff --git a/src/main/java/net/mingsoft/cms/dao/IContentDao.xml b/src/main/java/net/mingsoft/cms/dao/IContentDao.xml
index 25fef61f..05ee0d9c 100644
--- a/src/main/java/net/mingsoft/cms/dao/IContentDao.xml
+++ b/src/main/java/net/mingsoft/cms/dao/IContentDao.xml
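Review bot: `sqlFilter` compiles its keyword pattern without `Pattern.CASE_INSENSITIVE`, so `SELECT`, `Drop` or `Or` pass straight through while only the lowercase forms are caught; SQL keywords are case-insensitive, so the check as written is a speed bump rather than a control. The pattern is also recompiled on every request and the method throws NullPointerException on a null argument. I would hoist it to `private static final Pattern SQL_FILTER = Pattern.compile("…same regex…", Pattern.CASE_INSENSITIVE);` and have the method `return str != null && SQL_FILTER.matcher(str).find();`. The word list omits common vectors (e.g. `union`, `--`, `#`, `/*`, `"`, `||`) while blocking ordinary search words (`and`, `or`, `count`, `master`), which is the usual fate of a blacklist; the real fix is the `#{}` binding made in IContentDao.xml, and a Javadoc line should say so: `/** Heuristic keyword blacklist for free-text search params — defense in depth only; the DAO binds these values with #{}. */`. `sqlFilter` is complete within the hunk.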
@@ -259,33 +259,33 @@ a.app_id = #{websiteId}
- and FIND_IN_SET(content_category_id,'${ids}')
+ and FIND_IN_SET(content_category_id,#{ids})
- and a.content_title like CONCAT("%",'${map.content_title}',"%")
+ and a.content_title like CONCAT("%",#{map.content_title},"%")
- and a.content_author like CONCAT("%",'${map.content_author}',"%")
+ and a.content_author like CONCAT("%",#{map.content_author},"%")
- and a.content_source like CONCAT("%",'${map.content_source}',"%")
+ and a.content_source like CONCAT("%",#{map.content_source},"%")
- and a.content_type like CONCAT("%",'${map.content_type}',"%")
+ and a.content_type like CONCAT("%",#{map.content_type},"%")
- and a.content_description like CONCAT("%",'${map.content_description}',"%")
+ and a.content_description like CONCAT("%",#{map.content_description},"%")
- and a.content_keyword like CONCAT("%",'${map.content_keyword}',"%")
+ and a.content_keyword like CONCAT("%",#{map.content_keyword},"%")
- and a.content_details like CONCAT("%",'${map.content_details}',"%")
+ and a.content_details like CONCAT("%",#{map.content_details},"%")
- and d.${item.key} like CONCAT("%",'${item.value}',"%")
+ and d.${item.key} like CONCAT("%",#{item.value},"%")
@@ -293,4 +293,4 @@
-
\ No newline at end of file
+
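Review bot: `d.${item.key}` is still string-interpolated on the new side, so the column name in the custom-field condition remains an injection point in this statement; `#{}` cannot bind an identifier, so `item.key` has to be validated before the query reaches MyBatis — ideally against the set of configured field names, or at minimum `^[A-Za-z0-9_]+$` — and the request rejected otherwise. Where those keys originate is outside this hunk (presumably the `fieldValueList` passed to `getSearchCount` in MCmsAction), so whether they are already constrained cannot be confirmed from here. The `#{}` bindings for `map.content_title` and the other text fields are the right fix; note that `%` and `_` in the bound value still act as `LIKE` wildcards inside `CONCAT("%",#{...},"%")`, so if a literal substring search is intended the value needs escaping plus an `ESCAPE` clause. The MyBatis `<if>`/`<foreach>` tags around these conditions do not survive this rendering, so the conditions are reviewed on their own.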