sql注入问题

src/main/java/net/mingsoft/cms/action/web/MCmsAction.java

@@ -107,6 +107,12 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 	@GetMapping("/index.do")
 	public void index(HttpServletRequest req, HttpServletResponse resp) {
 		Map map = BasicUtil.assemblyRequestMap();
+		map.forEach((k,v)->{
+			//sql注入过滤
+			if(sqlFilter(v.toString())){
+				map.put(k,"");
+			}
+		});
 		map.put(ParserUtil.URL, BasicUtil.getUrl());
 		//动态解析
 		map.put(ParserUtil.IS_DO,true);
@@ -203,12 +209,19 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 		if(sqlFilter(orderby)){
 			orderby = "id";
 		}
+
 		PageBean page = new PageBean();
 		//根据文章编号查询栏目详情模版
 		CategoryEntity column = (CategoryEntity) categoryBiz.getEntity(Integer.parseInt(article.getContentCategoryId()));
 		//解析后的内容
 		String content = "";
 		Map map = BasicUtil.assemblyRequestMap();
+		map.forEach((k,v)->{
+			//sql注入过滤
+			if(sqlFilter(v.toString())){
+				map.put(k,"");
+			}
+		});
 		//动态解析
 		map.put(ParserUtil.IS_DO,true);
 		//设置动态请求的模块路径

src/main/resources/application.yml

@@ -21,7 +21,6 @@ ms:
   upload:
     template: template
     path: upload #文件上传路径，可以根据实际写绝对路径
-    template: template #文件上传路径，可以根据实际写绝对路径
     mapping: /upload/** #修改需要谨慎，系统第一次部署可以随意修改，如果已经有了上传数据，再次修改会导致之前上传的文件404
     denied: .exe,.jsp
     multipart: