Commit a65eab89 authored by 王炜's avatar 王炜

修改权限通用查询过滤 SQL 注入的问题（该问题导致动态页面无法保存），追加 JSONArray 判断

parent 88c67ef1
...@@ -12,6 +12,7 @@ import leaf.events.E_ServiceFinish; ...@@ -12,6 +12,7 @@ import leaf.events.E_ServiceFinish;
import leaf.service.*; import leaf.service.*;
import leaf.transaction.ITransactionService; import leaf.transaction.ITransactionService;
import leaf.transaction.UserTransactionImpl; import leaf.transaction.UserTransactionImpl;
import org.json.JSONArray;
import org.json.JSONObject; import org.json.JSONObject;
import org.springframework.security.web.csrf.CsrfToken; import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository; import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
...@@ -116,21 +117,24 @@ public abstract class AbstractFacadeServlet extends HttpServlet { ...@@ -116,21 +117,24 @@ public abstract class AbstractFacadeServlet extends HttpServlet {
if(it.getKey().equals("_request_data")&&!it.getValue()[0].isEmpty()){ if(it.getKey().equals("_request_data")&&!it.getValue()[0].isEmpty()){
JSONObject requestData = new JSONObject(it.getValue()[0]); JSONObject requestData = new JSONObject(it.getValue()[0]);
if(requestData.has("parameter")){ if(requestData.has("parameter")){
JSONObject paraOject=requestData.getJSONObject("parameter"); if(!(requestData.get("parameter") instanceof JSONArray)){
if (paraOject.has("trx_id")){ JSONObject paraOject=requestData.getJSONObject("parameter");
String trx_id=paraOject.get("trx_id").toString().toLowerCase(); if (paraOject.has("trx_id")){
if(trx_id.indexOf("and") != -1|| String trx_id=paraOject.get("trx_id").toString().toLowerCase();
trx_id.indexOf("or") != -1|| if(trx_id.indexOf("and") != -1||
trx_id.indexOf("=") != -1|| trx_id.indexOf("or") != -1||
trx_id.indexOf("select") != -1|| trx_id.indexOf("=") != -1||
trx_id.indexOf("union") != -1|| trx_id.indexOf("select") != -1||
trx_id.indexOf("<") != -1|| trx_id.indexOf("union") != -1||
trx_id.indexOf(">") != -1|| trx_id.indexOf("<") != -1||
trx_id.indexOf("+") != -1|| trx_id.indexOf(">") != -1||
trx_id.indexOf("-") != -1){ trx_id.indexOf("+") != -1||
throw new RuntimeException("parameter contain illegal value:" + trx_id); trx_id.indexOf("-") != -1){
throw new RuntimeException("parameter contain illegal value:" + trx_id);
}
} }
} }
} }
......
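Review bot: The guard added at `if(!(requestData.get("parameter") instanceof JSONArray)){` makes an array-shaped `parameter` skip the `trx_id` check altogether instead of applying it to each element, so a request that wraps the same object in an array is no longer validated; the check should be factored into a helper and run on the object and on every `JSONObject` element of the array. The check itself is a substring blacklist on the lowercased value (`indexOf("and")`, `indexOf("or")`, `indexOf("-")`, …), which rejects legitimate ids that happen to contain "or", "and" or a hyphen and is not a reliable injection defense; if `trx_id` ends up in SQL, binding it as a `PreparedStatement` parameter is the durable fix, with a whitelist such as `^[A-Za-z0-9_]+$` only if a format check is still wanted — where the value is consumed is not visible here. The enclosing method starts before the hunk and the hunk is elided after the closing braces, so any handling of the array case beyond this point is not visible.
```java
if(requestData.has("parameter")){
    Object para = requestData.get("parameter");
    if (para instanceof JSONArray) {
        JSONArray arr = (JSONArray) para;
        for (int i = 0; i < arr.length(); i++) {
            if (arr.get(i) instanceof JSONObject) {
                checkTrxId((JSONObject) arr.get(i));
            }
        }
    } else {
        checkTrxId(requestData.getJSONObject("parameter"));
    }
}
// … unchanged: rest of the _request_data handling and closing braces …

/** Applies the trx_id validation to one parameter object; throws the same RuntimeException as before. */
private static void checkTrxId(JSONObject paraOject) {
    if (paraOject.has("trx_id")) {
        String trx_id = paraOject.get("trx_id").toString().toLowerCase();
        // … unchanged: existing indexOf blacklist on trx_id, then throw new RuntimeException("parameter contain illegal value:" + trx_id) …
    }
}
```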