
!230 sql注入修复
Merge pull request !230 from 灰色DT/5.0.1

铭飞 5 years ago
parent
commit
f6de61ea3b

+ 1 - 0
pom.xml

@@ -84,6 +84,7 @@
 		<dependency>
 			<groupId>net.mingsoft</groupId>
 			<artifactId>ms-upgrader</artifactId>
+			<version>1.0.16</version>
 		</dependency>
 	</dependencies>
 	<build>

+ 23 - 3
src/main/java/net/mingsoft/cms/action/web/MCmsAction.java

@@ -55,6 +55,8 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 /**
  * 动态生成页面,需要后台配置自定义页数据
@@ -378,8 +380,16 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 		} catch (IOException e1) {
 			e1.printStackTrace();
 		}
+		Map<String, Object> searchMap = BasicUtil.assemblyRequestMap();
+		searchMap.forEach((k,v)->{
+			//sql注入过滤
+			if(sqlFilter(v.toString())){
+				searchMap.put(k,"");
+			}
+		});
+
 		//查询数量
-		int count= contentBiz.getSearchCount(contentModel,fieldValueList,BasicUtil.assemblyRequestMap(),BasicUtil.getAppId(),categoryIds);
+		int count= contentBiz.getSearchCount(contentModel,fieldValueList,searchMap,BasicUtil.getAppId(),categoryIds);
 		int total = PageUtil.totalPage(count, size);
 
 		int pageNo = BasicUtil.getInt(ParserUtil.PAGE_NO, 1);
@@ -412,7 +422,6 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 		page.setPreUrl(preUrl);
 		page.setLastUrl(lastUrl);
 		map.put(ParserUtil.URL, BasicUtil.getUrl());
-		Map<String, Object> searchMap = BasicUtil.assemblyRequestMap();
 		searchMap.put(ParserUtil.PAGE_NO, pageNo);
 		map.put(SEARCH, searchMap);
 		map.put(ParserUtil.PAGE, page);
@@ -420,6 +429,7 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 		map.put(ParserUtil.IS_DO,false);
 		//设置动态请求的模块路径
 		map.put(ParserUtil.MODEL_NAME, "mcms");
+
 		//解析后的内容
 		String content = "";
 		try {
@@ -437,6 +447,16 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 		this.outString(response, content);
 	}
 
+    /**
+     * sql语句检测,存在返回true
+     * @param str
+     * @return
+     */
+	public static boolean sqlFilter(String str){
+		Pattern pattern= Pattern.compile("\\b(and|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare|or)\\b|(\\*|;|\\+|'|%)");
+		Matcher matcher=pattern.matcher(str);
+		return matcher.find();
+	}
 
 	private Map get(String key, List<Map> fields) {
 		for (Map field : fields) {
@@ -472,4 +492,4 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 
 
 
-}
+}
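Review bot: `sqlFilter` compiles its `Pattern` on every call and without `Pattern.CASE_INSENSITIVE`, so the keyword check depends on the letter case of the incoming value and the regex construction cost is paid per request; hoist it to `private static final Pattern SQL_PATTERN = Pattern.compile("<same regex>", Pattern.CASE_INSENSITIVE);` and return `SQL_PATTERN.matcher(str).find()`. The blacklist also matches ordinary search text — whole words such as "and", "or", "count" and any apostrophe — and the `searchMap.forEach` loop replaces such values with `""` silently, so a legitimate search quietly returns unfiltered results; now that IContentDao.xml binds these values with `#{}`, a value blacklist adds little and should be narrowed or dropped rather than widened. That loop also calls `v.toString()` on every request value (an NPE if `assemblyRequestMap` can hold nulls, which is not visible here) and writes back into the map it is iterating; `searchMap.replaceAll((k, v) -> v != null && sqlFilter(v.toString()) ? "" : v);` is null-safe and avoids the mutate-while-iterating pattern. The enclosing request method begins before the hunk starting at `catch (IOException e1)`.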

+ 10 - 10
src/main/java/net/mingsoft/cms/dao/IContentDao.xml

@@ -259,33 +259,33 @@
 		<where>
 			a.app_id = #{websiteId}
 			<if test="ids!=null and ids!=''">
-				and FIND_IN_SET(content_category_id,'${ids}')
+				and FIND_IN_SET(content_category_id,#{ids})
 			</if>
 			<if test="map.content_title!=null">
-			and a.content_title like CONCAT("%",'${map.content_title}',"%")
+			and a.content_title like CONCAT("%",#{map.content_title},"%")
 			</if>
 			<if test="map.content_author!=null">
-			and a.content_author like CONCAT("%",'${map.content_author}',"%")
+			and a.content_author like CONCAT("%",#{map.content_author},"%")
 			</if>
 			<if test="map.content_source!=null">
-			and a.content_source like CONCAT("%",'${map.content_source}',"%")
+			and a.content_source like CONCAT("%",#{map.content_source},"%")
 			</if>
 			<if test="map.content_type!=null">
-			and a.content_type like CONCAT("%",'${map.content_type}',"%")
+			and a.content_type like CONCAT("%",#{map.content_type},"%")
 			</if>
 			<if test="map.content_description!=null">
-			and a.content_description like CONCAT("%",'${map.content_description}',"%")
+			and a.content_description like CONCAT("%",#{map.content_description},"%")
 			</if>
 			<if test="map.content_keyword!=null">
-			and a.content_keyword like CONCAT("%",'${map.content_keyword}',"%")
+			and a.content_keyword like CONCAT("%",#{map.content_keyword},"%")
 			</if>
 			<if test="map.content_details!=null">
-			and a.content_details like CONCAT("%",'${map.content_details}',"%")
+			and a.content_details like CONCAT("%",#{map.content_details},"%")
 			</if>
 			<if test="tableName!=null and tableName!='' and diyMap!=null">
 				<foreach item="item" index="index" collection="diyList" open=""
 						 separator="" close="">
-					and d.${item.key} like CONCAT("%",'${item.value}',"%")
+					and d.${item.key} like CONCAT("%",#{item.value},"%")
 				</foreach>
 			</if>
 		</where>
@@ -293,4 +293,4 @@
 	</select>
 
 
-</mapper>
+</mapper>
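Review bot: The `d.${item.key}` fragment inside the diyList `foreach` still interpolates the column name as raw SQL, and `#{}` binding only covers values, so this remains the one unparameterized, potentially user-influenced piece of this statement if `item.key` derives from request data (its origin is not visible in the hunk). An identifier cannot be bound as a prepared-statement parameter, so the Java side should validate each key against the model's known custom-field column names (or at minimum `^[A-Za-z0-9_]+$`) before the statement is built, and the mapper should document that assumption in a comment next to the `foreach`. Also worth confirming: `FIND_IN_SET(content_category_id,#{ids})` is only equivalent to the old `'${ids}'` form when `ids` is passed as a single comma-separated string, not a collection.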