Java Code Examples for org.jeecg.common.util.SqlInjectionUtil

The following examples show how to use org.jeecg.common.util.SqlInjectionUtil. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: jeecg-cloud   Source File: QueryGenerator.java    License: Apache License 2.0
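/**
 * Applies the sort requested in the request parameters to {@code queryWrapper}.
 * <p>
 * The column comes from the {@code ORDER_COLUMN} parameter and the direction from
 * {@code ORDER_TYPE}; when either is missing or empty no ordering is added. A column that
 * carries the dictionary-text suffix ({@code CommonConstant.DICT_TEXT_SUFFIX}) is mapped back
 * to the underlying column before use. Because the column name ends up in the ORDER BY clause
 * as an identifier rather than a bound parameter, it is run through
 * {@link SqlInjectionUtil#filterContent(String)} first. That call filters the content of the
 * value; it is not an allowlist of sortable fields, so a caller that knows its sortable
 * columns should additionally restrict the value to that set.
 *
 * @param queryWrapper wrapper that receives the {@code orderByAsc}/{@code orderByDesc} call
 * @param parameterMap request parameters (name to values); may be {@code null}
 */
public static void doMultiFieldsOrder(QueryWrapper<?> queryWrapper, Map<String, String[]> parameterMap) {
	String column = firstValue(parameterMap, ORDER_COLUMN);
	String order = firstValue(parameterMap, ORDER_TYPE);
	log.debug("排序规则>>列:"+column+",排序方式:"+order);
	if (!oConvertUtils.isNotEmpty(column) || !oConvertUtils.isNotEmpty(order)) {
		return;
	}
	// Dictionary-translated fields carry DICT_TEXT_SUFFIX; sort on the underlying column instead.
	if (column.endsWith(CommonConstant.DICT_TEXT_SUFFIX)) {
		column = column.substring(0, column.lastIndexOf(CommonConstant.DICT_TEXT_SUFFIX));
	}
	// SQL injection check on the identifier that is about to be spliced into ORDER BY.
	SqlInjectionUtil.filterContent(column);

	String dbColumn = oConvertUtils.camelToUnderline(column);
	// Only a direction containing ASC sorts ascending; everything else is treated as descending.
	if (order.toUpperCase(java.util.Locale.ROOT).contains(ORDER_TYPE_ASC)) {
		queryWrapper.orderByAsc(dbColumn);
	} else {
		queryWrapper.orderByDesc(dbColumn);
	}
}

/**
 * Returns the first value of the named request parameter.
 *
 * @param parameterMap request parameters; may be {@code null}
 * @param key parameter name
 * @return the first value, or {@code null} when the map, the entry or its value array is
 *         missing or empty (indexing {@code get(key)[0]} directly would throw on an empty array)
 */
private static String firstValue(Map<String, String[]> parameterMap, String key) {
	if (parameterMap == null) {
		return null;
	}
	String[] values = parameterMap.get(key);
	return (values == null || values.length == 0) ? null : values[0];
}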
 
Example 2
Source Project: jeecg-boot-with-activiti   Source File: QueryGenerator.java    License: MIT License
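/**
 * Applies the sort requested in the request parameters to {@code queryWrapper}.
 * <p>
 * The column comes from the {@code ORDER_COLUMN} parameter and the direction from
 * {@code ORDER_TYPE}; when either is missing or empty no ordering is added. A column that
 * carries the dictionary-text suffix ({@code CommonConstant.DICT_TEXT_SUFFIX}) is mapped back
 * to the underlying column before use. Because the column name ends up in the ORDER BY clause
 * as an identifier rather than a bound parameter, it is run through
 * {@link SqlInjectionUtil#filterContent(String)} first. That call filters the content of the
 * value; it is not an allowlist of sortable fields, so a caller that knows its sortable
 * columns should additionally restrict the value to that set.
 *
 * @param queryWrapper wrapper that receives the {@code orderByAsc}/{@code orderByDesc} call
 * @param parameterMap request parameters (name to values); may be {@code null}
 */
public static void doMultiFieldsOrder(QueryWrapper<?> queryWrapper, Map<String, String[]> parameterMap) {
	String column = firstValue(parameterMap, ORDER_COLUMN);
	String order = firstValue(parameterMap, ORDER_TYPE);
	log.debug("排序规则>>列:"+column+",排序方式:"+order);
	if (!oConvertUtils.isNotEmpty(column) || !oConvertUtils.isNotEmpty(order)) {
		return;
	}
	// Dictionary-translated fields carry DICT_TEXT_SUFFIX; sort on the underlying column instead.
	if (column.endsWith(CommonConstant.DICT_TEXT_SUFFIX)) {
		column = column.substring(0, column.lastIndexOf(CommonConstant.DICT_TEXT_SUFFIX));
	}
	// SQL injection check on the identifier that is about to be spliced into ORDER BY.
	SqlInjectionUtil.filterContent(column);

	String dbColumn = oConvertUtils.camelToUnderline(column);
	// Only a direction containing ASC sorts ascending; everything else is treated as descending.
	if (order.toUpperCase(java.util.Locale.ROOT).contains(ORDER_TYPE_ASC)) {
		queryWrapper.orderByAsc(dbColumn);
	} else {
		queryWrapper.orderByDesc(dbColumn);
	}
}

/**
 * Returns the first value of the named request parameter.
 *
 * @param parameterMap request parameters; may be {@code null}
 * @param key parameter name
 * @return the first value, or {@code null} when the map, the entry or its value array is
 *         missing or empty (indexing {@code get(key)[0]} directly would throw on an empty array)
 */
private static String firstValue(Map<String, String[]> parameterMap, String key) {
	if (parameterMap == null) {
		return null;
	}
	String[] values = parameterMap.get(key);
	return (values == null || values.length == 0) ? null : values[0];
}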
 
Example 3
Source Project: teaching   Source File: QueryGenerator.java    License: Apache License 2.0
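/**
 * Applies the sort requested in the request parameters to {@code queryWrapper}.
 * <p>
 * The column comes from the {@code ORDER_COLUMN} parameter and the direction from
 * {@code ORDER_TYPE}; when either is missing or empty no ordering is added. A column that
 * carries the dictionary-text suffix ({@code CommonConstant.DICT_TEXT_SUFFIX}) is mapped back
 * to the underlying column before use. Because the column name ends up in the ORDER BY clause
 * as an identifier rather than a bound parameter, it is run through
 * {@link SqlInjectionUtil#filterContent(String)} first. That call filters the content of the
 * value; it is not an allowlist of sortable fields, so a caller that knows its sortable
 * columns should additionally restrict the value to that set.
 *
 * @param queryWrapper wrapper that receives the {@code orderByAsc}/{@code orderByDesc} call
 * @param parameterMap request parameters (name to values); may be {@code null}
 */
public static void doMultiFieldsOrder(QueryWrapper<?> queryWrapper, Map<String, String[]> parameterMap) {
	String column = firstValue(parameterMap, ORDER_COLUMN);
	String order = firstValue(parameterMap, ORDER_TYPE);
	log.debug("排序规则>>列:"+column+",排序方式:"+order);
	if (!oConvertUtils.isNotEmpty(column) || !oConvertUtils.isNotEmpty(order)) {
		return;
	}
	// Dictionary-translated fields carry DICT_TEXT_SUFFIX; sort on the underlying column instead.
	if (column.endsWith(CommonConstant.DICT_TEXT_SUFFIX)) {
		column = column.substring(0, column.lastIndexOf(CommonConstant.DICT_TEXT_SUFFIX));
	}
	// SQL injection check on the identifier that is about to be spliced into ORDER BY.
	SqlInjectionUtil.filterContent(column);

	String dbColumn = oConvertUtils.camelToUnderline(column);
	// Only a direction containing ASC sorts ascending; everything else is treated as descending.
	if (order.toUpperCase(java.util.Locale.ROOT).contains(ORDER_TYPE_ASC)) {
		queryWrapper.orderByAsc(dbColumn);
	} else {
		queryWrapper.orderByDesc(dbColumn);
	}
}

/**
 * Returns the first value of the named request parameter.
 *
 * @param parameterMap request parameters; may be {@code null}
 * @param key parameter name
 * @return the first value, or {@code null} when the map, the entry or its value array is
 *         missing or empty (indexing {@code get(key)[0]} directly would throw on an empty array)
 */
private static String firstValue(Map<String, String[]> parameterMap, String key) {
	if (parameterMap == null) {
		return null;
	}
	String[] values = parameterMap.get(key);
	return (values == null || values.length == 0) ? null : values[0];
}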
 
Example 4
Source Project: jeecg-boot   Source File: QueryGenerator.java    License: Apache License 2.0
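/**
 * Applies the sort requested in the request parameters to {@code queryWrapper}.
 * <p>
 * The column comes from the {@code ORDER_COLUMN} parameter and the direction from
 * {@code ORDER_TYPE}; when either is missing or empty no ordering is added. A column that
 * carries the dictionary-text suffix ({@code CommonConstant.DICT_TEXT_SUFFIX}) is mapped back
 * to the underlying column before use. Because the column name ends up in the ORDER BY clause
 * as an identifier rather than a bound parameter, it is run through
 * {@link SqlInjectionUtil#filterContent(String)} first. That call filters the content of the
 * value; it is not an allowlist of sortable fields, so a caller that knows its sortable
 * columns should additionally restrict the value to that set.
 *
 * @param queryWrapper wrapper that receives the {@code orderByAsc}/{@code orderByDesc} call
 * @param parameterMap request parameters (name to values); may be {@code null}
 */
public static void doMultiFieldsOrder(QueryWrapper<?> queryWrapper, Map<String, String[]> parameterMap) {
	String column = firstValue(parameterMap, ORDER_COLUMN);
	String order = firstValue(parameterMap, ORDER_TYPE);
	log.debug("排序规则>>列:"+column+",排序方式:"+order);
	if (!oConvertUtils.isNotEmpty(column) || !oConvertUtils.isNotEmpty(order)) {
		return;
	}
	// Dictionary-translated fields carry DICT_TEXT_SUFFIX; sort on the underlying column instead.
	if (column.endsWith(CommonConstant.DICT_TEXT_SUFFIX)) {
		column = column.substring(0, column.lastIndexOf(CommonConstant.DICT_TEXT_SUFFIX));
	}
	// SQL injection check on the identifier that is about to be spliced into ORDER BY.
	SqlInjectionUtil.filterContent(column);

	String dbColumn = oConvertUtils.camelToUnderline(column);
	// Only a direction containing ASC sorts ascending; everything else is treated as descending.
	if (order.toUpperCase(java.util.Locale.ROOT).contains(ORDER_TYPE_ASC)) {
		queryWrapper.orderByAsc(dbColumn);
	} else {
		queryWrapper.orderByDesc(dbColumn);
	}
}

/**
 * Returns the first value of the named request parameter.
 *
 * @param parameterMap request parameters; may be {@code null}
 * @param key parameter name
 * @return the first value, or {@code null} when the map, the entry or its value array is
 *         missing or empty (indexing {@code get(key)[0]} directly would throw on an empty array)
 */
private static String firstValue(Map<String, String[]> parameterMap, String key) {
	if (parameterMap == null) {
		return null;
	}
	String[] values = parameterMap.get(key);
	return (values == null || values.length == 0) ? null : values[0];
}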
 
Example 5
Source Project: jeecg-cloud   Source File: SysDictController.java    License: Apache License 2.0
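/**
 * Returns the items of a dictionary.
 * <p>
 * {@code dictCode} takes one of two shapes:
 * <ul>
 *   <li>a plain dictionary code, resolved from the dictionary table;</li>
 *   <li>{@code table,textField,codeField[,filter]} (for example {@code sys_user,realname,id}),
 *       resolved from the named table. The three names reach the generated SQL as identifiers
 *       and are checked with {@link SqlInjectionUtil#filterContent(String[])}; the optional
 *       fourth segment is a SQL query condition and is only passed through
 *       {@link SqlInjectionUtil#specialFilterContent(String)} before it is handed to the
 *       service. Any other number of segments is rejected as a malformed code.</li>
 * </ul>
 *
 * @param dictCode dictionary code, or the comma-separated table description described above
 * @param sign optional request signature; not read by this method
 * @param request the current request; not read by this method
 * @return the dictionary items on success, otherwise an error result ({@code error500})
 */
@RequestMapping(value = "/getDictItems/{dictCode}", method = RequestMethod.GET)
public Result<List<DictModel>> getDictItems(@PathVariable String dictCode, @RequestParam(value = "sign",required = false) String sign,HttpServletRequest request) {
	// The raw path value is logged as-is; it is not escaped before it reaches the log line.
	log.info(" dictCode : "+ dictCode);
	Result<List<DictModel>> result = new Result<List<DictModel>>();
	try {
		List<DictModel> ls;
		if (dictCode.contains(",")) {
			// Table-backed dictionary: table,textField,codeField[,filter]
			String[] params = dictCode.split(",");
			// Only the 3- and 4-segment forms are valid; check the shape before any content check.
			if (params.length != 3 && params.length != 4) {
				result.error500("字典Code格式不正确!");
				return result;
			}
			// SQL injection check on the identifiers (table name and the two column names).
			SqlInjectionUtil.filterContent(new String[] {params[0], params[1], params[2]});
			if (params.length == 4) {
				// The filter segment is a SQL condition; this dedicated check is the only gate it passes here.
				SqlInjectionUtil.specialFilterContent(params[3]);
				ls = sysDictService.queryTableDictItemsByCodeAndFilter(params[0], params[1], params[2], params[3]);
			} else {
				ls = sysDictService.queryTableDictItemsByCode(params[0], params[1], params[2]);
			}
		} else {
			// Plain dictionary code, resolved from the dictionary table.
			ls = sysDictService.queryDictItemsByCode(dictCode);
		}
		result.setSuccess(true);
		result.setResult(ls);
		log.info(result.toString());
	} catch (Exception e) {
		// Controller boundary: report a generic failure and keep the cause in the log.
		log.error(e.getMessage(), e);
		result.error500("操作失败");
	}
	return result;
}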
 
Example 6
Source Project: jeecg-boot-with-activiti   Source File: SysDictController.java    License: MIT License
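/**
 * Returns the items of a dictionary.
 * <p>
 * {@code dictCode} takes one of two shapes:
 * <ul>
 *   <li>a plain dictionary code, resolved from the dictionary table;</li>
 *   <li>{@code table,textField,codeField[,filter]} (for example {@code sys_user,realname,id}),
 *       resolved from the named table. The three names reach the generated SQL as identifiers
 *       and are checked with {@link SqlInjectionUtil#filterContent(String[])}; the optional
 *       fourth segment is a SQL query condition and is only passed through
 *       {@link SqlInjectionUtil#specialFilterContent(String)} before it is handed to the
 *       service. Any other number of segments is rejected as a malformed code.</li>
 * </ul>
 *
 * @param dictCode dictionary code, or the comma-separated table description described above
 * @return the dictionary items on success, otherwise an error result ({@code error500})
 */
@RequestMapping(value = "/getDictItems/{dictCode}", method = RequestMethod.GET)
public Result<List<DictModel>> getDictItems(@PathVariable String dictCode) {
	// The raw path value is logged as-is; it is not escaped before it reaches the log line.
	log.info(" dictCode : "+ dictCode);
	Result<List<DictModel>> result = new Result<List<DictModel>>();
	try {
		List<DictModel> ls;
		if (dictCode.contains(",")) {
			// Table-backed dictionary: table,textField,codeField[,filter]
			String[] params = dictCode.split(",");
			// Only the 3- and 4-segment forms are valid; check the shape before any content check.
			if (params.length != 3 && params.length != 4) {
				result.error500("字典Code格式不正确!");
				return result;
			}
			// SQL injection check on the identifiers (table name and the two column names).
			SqlInjectionUtil.filterContent(new String[] {params[0], params[1], params[2]});
			if (params.length == 4) {
				// The filter segment is a SQL condition; this dedicated check is the only gate it passes here.
				SqlInjectionUtil.specialFilterContent(params[3]);
				ls = sysDictService.queryTableDictItemsByCodeAndFilter(params[0], params[1], params[2], params[3]);
			} else {
				ls = sysDictService.queryTableDictItemsByCode(params[0], params[1], params[2]);
			}
		} else {
			// Plain dictionary code, resolved from the dictionary table.
			ls = sysDictService.queryDictItemsByCode(dictCode);
		}
		result.setSuccess(true);
		result.setResult(ls);
		log.info(result.toString());
	} catch (Exception e) {
		// Controller boundary: report a generic failure and keep the cause in the log.
		log.error(e.getMessage(), e);
		result.error500("操作失败");
	}
	return result;
}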
 
Example 7
Source Project: teaching   Source File: SysDictController.java    License: Apache License 2.0
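/**
 * Returns the items of a dictionary.
 * <p>
 * {@code dictCode} takes one of two shapes:
 * <ul>
 *   <li>a plain dictionary code, resolved from the dictionary table;</li>
 *   <li>{@code table,textField,codeField[,filter]} (for example {@code sys_user,realname,id}),
 *       resolved from the named table. The three names reach the generated SQL as identifiers
 *       and are checked with {@link SqlInjectionUtil#filterContent(String[])}; the optional
 *       fourth segment is a SQL query condition and is only passed through
 *       {@link SqlInjectionUtil#specialFilterContent(String)} before it is handed to the
 *       service. Any other number of segments is rejected as a malformed code.</li>
 * </ul>
 *
 * @param dictCode dictionary code, or the comma-separated table description described above
 * @return the dictionary items on success, otherwise an error result ({@code error500})
 */
@RequestMapping(value = "/getDictItems/{dictCode}", method = RequestMethod.GET)
public Result<List<DictModel>> getDictItems(@PathVariable String dictCode) {
	// The raw path value is logged as-is; it is not escaped before it reaches the log line.
	log.info(" dictCode : "+ dictCode);
	Result<List<DictModel>> result = new Result<List<DictModel>>();
	try {
		List<DictModel> ls;
		if (dictCode.contains(",")) {
			// Table-backed dictionary: table,textField,codeField[,filter]
			String[] params = dictCode.split(",");
			// Only the 3- and 4-segment forms are valid; check the shape before any content check.
			if (params.length != 3 && params.length != 4) {
				result.error500("字典Code格式不正确!");
				return result;
			}
			// SQL injection check on the identifiers (table name and the two column names).
			SqlInjectionUtil.filterContent(new String[] {params[0], params[1], params[2]});
			if (params.length == 4) {
				// The filter segment is a SQL condition; this dedicated check is the only gate it passes here.
				SqlInjectionUtil.specialFilterContent(params[3]);
				ls = sysDictService.queryTableDictItemsByCodeAndFilter(params[0], params[1], params[2], params[3]);
			} else {
				ls = sysDictService.queryTableDictItemsByCode(params[0], params[1], params[2]);
			}
		} else {
			// Plain dictionary code, resolved from the dictionary table.
			ls = sysDictService.queryDictItemsByCode(dictCode);
		}
		result.setSuccess(true);
		result.setResult(ls);
		log.info(result.toString());
	} catch (Exception e) {
		// Controller boundary: report a generic failure and keep the cause in the log.
		log.error(e.getMessage(), e);
		result.error500("操作失败");
	}
	return result;
}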
 
Example 8
Source Project: jeecg-boot   Source File: SysDictController.java    License: Apache License 2.0
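/**
 * Returns the items of a dictionary.
 * <p>
 * {@code dictCode} takes one of two shapes:
 * <ul>
 *   <li>a plain dictionary code, resolved from the dictionary table;</li>
 *   <li>{@code table,textField,codeField[,filter]} (for example {@code sys_user,realname,id}),
 *       resolved from the named table. The three names reach the generated SQL as identifiers
 *       and are checked with {@link SqlInjectionUtil#filterContent(String[])}; the optional
 *       fourth segment is a SQL query condition and is only passed through
 *       {@link SqlInjectionUtil#specialFilterContent(String)} before it is handed to the
 *       service. Any other number of segments is rejected as a malformed code.</li>
 * </ul>
 *
 * @param dictCode dictionary code, or the comma-separated table description described above
 * @param sign optional request signature; not read by this method
 * @param request the current request; not read by this method
 * @return the dictionary items on success, otherwise an error result ({@code error500})
 */
@RequestMapping(value = "/getDictItems/{dictCode}", method = RequestMethod.GET)
public Result<List<DictModel>> getDictItems(@PathVariable String dictCode, @RequestParam(value = "sign",required = false) String sign,HttpServletRequest request) {
	// The raw path value is logged as-is; it is not escaped before it reaches the log line.
	log.info(" dictCode : "+ dictCode);
	Result<List<DictModel>> result = new Result<List<DictModel>>();
	try {
		List<DictModel> ls;
		if (dictCode.contains(",")) {
			// Table-backed dictionary: table,textField,codeField[,filter]
			String[] params = dictCode.split(",");
			// Only the 3- and 4-segment forms are valid; check the shape before any content check.
			if (params.length != 3 && params.length != 4) {
				result.error500("字典Code格式不正确!");
				return result;
			}
			// SQL injection check on the identifiers (table name and the two column names).
			SqlInjectionUtil.filterContent(new String[] {params[0], params[1], params[2]});
			if (params.length == 4) {
				// The filter segment is a SQL condition; this dedicated check is the only gate it passes here.
				SqlInjectionUtil.specialFilterContent(params[3]);
				ls = sysDictService.queryTableDictItemsByCodeAndFilter(params[0], params[1], params[2], params[3]);
			} else {
				ls = sysDictService.queryTableDictItemsByCode(params[0], params[1], params[2]);
			}
		} else {
			// Plain dictionary code, resolved from the dictionary table.
			ls = sysDictService.queryDictItemsByCode(dictCode);
		}
		result.setSuccess(true);
		result.setResult(ls);
		log.info(result.toString());
	} catch (Exception e) {
		// Controller boundary: report a generic failure and keep the cause in the log.
		log.error(e.getMessage(), e);
		result.error500("操作失败");
	}
	return result;
}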