Commit 6204c644e0b8f29fe3b444e57a6ce52b51eca208

Authored by 王通
1 parent 068b7f39

1.sql注入过滤开启

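--- a/src/main/java/com/bsth/filter/SQLInjectFilter.java
+++ b/src/main/java/com/bsth/filter/SQLInjectFilter.java
@@ -33,7 +33,7 @@ public class SQLInjectFilter extends BaseFilter{
 }
 
 private static boolean isSqlInject(String injectStr) {
-String injStr = "'|and|exec|create|insert|select|delete|update|count|*|%|chr|mid|master|truncate|drop|char|declare|;|or|-|+|,";
+String injStr = "'|and|exec|create|insert|select|delete|update|count|*|%|chr|mid|master|truncate|drop|char|declare|or|+";
 String injStrArr[] = injStr.split("\\|");
 injectStr = injectStr.toLowerCase();
 for (int i = 0; i < injStrArr.length; i++) {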
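Review bot: The token list on line 36 of isSqlInject is a keyword blacklist, and this change narrows it by dropping `;`, `-` and `,` with no comment explaining why, so the filter should not be relied on as the control that prevents SQL injection. If the loop that follows (its body is outside this hunk) does a substring match, short entries such as `or`, `and` and `+` will also reject ordinary input, which is presumably what prompted the removal. The dependable fix belongs in the data-access layer: bind every request value through `PreparedStatement` parameters and keep this filter only as defense-in-depth. I would add a comment above the list such as `// Defense-in-depth only; queries must bind parameters. ';', '-' and ',' removed because <reason>.` and hoist the split result into a `private static final String[]` so it is not rebuilt on every call.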