sql注入问题
parent
b03b44a3c6
commit
a96f78d384
|
@ -107,6 +107,12 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
|
||||||
@GetMapping("/index.do")
|
@GetMapping("/index.do")
|
||||||
public void index(HttpServletRequest req, HttpServletResponse resp) {
|
public void index(HttpServletRequest req, HttpServletResponse resp) {
|
||||||
Map map = BasicUtil.assemblyRequestMap();
|
Map map = BasicUtil.assemblyRequestMap();
|
||||||
|
map.forEach((k,v)->{
|
||||||
|
//sql注入过滤
|
||||||
|
if(sqlFilter(v.toString())){
|
||||||
|
map.put(k,"");
|
||||||
|
}
|
||||||
|
});
|
||||||
map.put(ParserUtil.URL, BasicUtil.getUrl());
|
map.put(ParserUtil.URL, BasicUtil.getUrl());
|
||||||
//动态解析
|
//动态解析
|
||||||
map.put(ParserUtil.IS_DO,true);
|
map.put(ParserUtil.IS_DO,true);
|
||||||
|
@ -203,12 +209,19 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
|
||||||
if(sqlFilter(orderby)){
|
if(sqlFilter(orderby)){
|
||||||
orderby = "id";
|
orderby = "id";
|
||||||
}
|
}
|
||||||
|
|
||||||
PageBean page = new PageBean();
|
PageBean page = new PageBean();
|
||||||
//根据文章编号查询栏目详情模版
|
//根据文章编号查询栏目详情模版
|
||||||
CategoryEntity column = (CategoryEntity) categoryBiz.getEntity(Integer.parseInt(article.getContentCategoryId()));
|
CategoryEntity column = (CategoryEntity) categoryBiz.getEntity(Integer.parseInt(article.getContentCategoryId()));
|
||||||
//解析后的内容
|
//解析后的内容
|
||||||
String content = "";
|
String content = "";
|
||||||
Map map = BasicUtil.assemblyRequestMap();
|
Map map = BasicUtil.assemblyRequestMap();
|
||||||
|
map.forEach((k,v)->{
|
||||||
|
//sql注入过滤
|
||||||
|
if(sqlFilter(v.toString())){
|
||||||
|
map.put(k,"");
|
||||||
|
}
|
||||||
|
});
|
||||||
//动态解析
|
//动态解析
|
||||||
map.put(ParserUtil.IS_DO,true);
|
map.put(ParserUtil.IS_DO,true);
|
||||||
//设置动态请求的模块路径
|
//设置动态请求的模块路径
|
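Review bot: The added `map.forEach` block in `index` (repeated verbatim in the second hunk) calls `v.toString()` without a null check and writes back into the map it is iterating, so it would throw if `BasicUtil.assemblyRequestMap()` can yield a null value and it relies on the map tolerating value replacement during `forEach`; `map.replaceAll((k, v) -> v != null && sqlFilter(v.toString()) ? "" : v);` does the same in one pass and could sit in a single shared helper instead of two copies. The check is also a denylist applied at the controller: `sqlFilter` is not visible on this page, but keyword filtering is hard to make complete, so the queries that eventually consume these request values should bind them as parameters, with this filter kept only as defence in depth. Blanking the value silently leaves no trace, so a warn-level log of the parameter name and client address when the filter fires would give operators something to alert on. Both enclosing methods continue outside the hunks, and whether other handlers that call `assemblyRequestMap()` need the same treatment cannot be seen from here.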
||||||
|
|
|
@ -21,7 +21,6 @@ ms:
|
||||||
upload:
|
upload:
|
||||||
template: template
|
template: template
|
||||||
path: upload #文件上传路径,可以根据实际写绝对路径
|
path: upload #文件上传路径,可以根据实际写绝对路径
|
||||||
template: template #文件上传路径,可以根据实际写绝对路径
|
|
||||||
mapping: /upload/** #修改需要谨慎,系统第一次部署可以随意修改,如果已经有了上传数据,再次修改会导致之前上传的文件404
|
mapping: /upload/** #修改需要谨慎,系统第一次部署可以随意修改,如果已经有了上传数据,再次修改会导致之前上传的文件404
|
||||||
denied: .exe,.jsp
|
denied: .exe,.jsp
|
||||||
multipart:
|
multipart:
|
||||||
|
|