From a96f78d384a423c03fb20059ebb7e73b60ed650f Mon Sep 17 00:00:00 2001
From: sgjj <995959152@qq.com>
Date: Sun, 28 Jun 2020 18:03:39 +0800
Subject: [PATCH] =?UTF-8?q?sql=E6=B3=A8=E5=85=A5=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../net/mingsoft/cms/action/web/MCmsAction.java | 13 +++++++++++++
 src/main/resources/application.yml | 1 -
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/main/java/net/mingsoft/cms/action/web/MCmsAction.java b/src/main/java/net/mingsoft/cms/action/web/MCmsAction.java
index 401fbad8..396a6430 100644
--- a/src/main/java/net/mingsoft/cms/action/web/MCmsAction.java
+++ b/src/main/java/net/mingsoft/cms/action/web/MCmsAction.java
@@ -107,6 +107,12 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 @GetMapping("/index.do")
 public void index(HttpServletRequest req, HttpServletResponse resp) {
 Map map = BasicUtil.assemblyRequestMap();
+ map.forEach((k,v)->{
+ //sql注入过滤
+ if(sqlFilter(v.toString())){
+ map.put(k,"");
+ }
+ });
 map.put(ParserUtil.URL, BasicUtil.getUrl());
 //动态解析
 map.put(ParserUtil.IS_DO,true);
@@ -203,12 +209,19 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 if(sqlFilter(orderby)){
 orderby = "id";
 }
+
 PageBean page = new PageBean();
 //根据文章编号查询栏目详情模版
 CategoryEntity column = (CategoryEntity) categoryBiz.getEntity(Integer.parseInt(article.getContentCategoryId()));
 //解析后的内容
 String content = "";
 Map map = BasicUtil.assemblyRequestMap();
+ map.forEach((k,v)->{
+ //sql注入过滤
+ if(sqlFilter(v.toString())){
+ map.put(k,"");
+ }
+ });
 //动态解析
 map.put(ParserUtil.IS_DO,true);
 //设置动态请求的模块路径
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 7b983646..db747cda 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
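Review bot: In MCmsAction.java the added `map.forEach` block in `index` (repeated verbatim in the second hunk, at new line 209) calls `v.toString()` with no null check and blanks only the values, so it throws if `BasicUtil.assemblyRequestMap()` can hold a null value and leaves the parameter names unchecked. `map.replaceAll((k, v) -> v != null && sqlFilter(v.toString()) ? "" : v);` does the same blanking without calling `put` on the map while it is being iterated, and moving it into one private helper would keep the two copies from drifting apart. Neither `sqlFilter` nor the code that reads `map` is visible in these hunks; if request values are concatenated into SQL further down, a pattern filter in the controller is a stopgap and the lasting fix is to bind them as query parameters at that point. Both enclosing methods start or end outside their hunks.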
@@ -21,7 +21,6 @@ ms:
 upload:
 template: template
 path: upload #文件上传路径,可以根据实际写绝对路径
- template: template #文件上传路径,可以根据实际写绝对路径
 mapping: /upload/** #修改需要谨慎,系统第一次部署可以随意修改,如果已经有了上传数据,再次修改会导致之前上传的文件404
 denied: .exe,.jsp
 multipart: