Commit c6771e8de06da7132117725d77749f9130c1ec3c
1 parent
6204c644
Showing
2 changed files
with
24 additions
and
1 deletions
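--- a/src/main/java/com/bsth/controller/realcontrol/AdminUtilsController.java
+++ b/src/main/java/com/bsth/controller/realcontrol/AdminUtilsController.java
@@ -6,6 +6,7 @@ import java.text.SimpleDateFormat;
 import java.util.*;
 
 import com.bsth.data.BasicData;
+import com.bsth.filter.SQLInjectFilter;
 import com.bsth.service.schedule.utils.SpringUtils;
 import com.bsth.util.MailUtils;
 import com.fasterxml.jackson.core.JsonProcessingException;
@@ -306,4 +307,17 @@ public class AdminUtilsController {
 
         return "error";
     }
+
+    @RequestMapping("/setInjectStr")
+    public String setInjectStr(@RequestParam String injectStr) {
+        Map<String, Object> result = new HashMap<>();
+        try {
+            SQLInjectFilter.setInjStr(injectStr);
+            return "success";
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+
+        return "error";
+    }
 }
\ No newline at end of file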
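Review bot: `setInjectStr` takes an arbitrary `injectStr` from the request and writes it straight into the filter's blocklist with no validation, so anyone who can reach `/setInjectStr` can neuter the SQL-injection filter (e.g. `injectStr=zzz`) or, with an empty string, make the blocklist split to a single `""` token that every input contains, blocking all traffic; no authorisation check is visible in the hunk, so unless the `realcontrol` package is already guarded by an interceptor this endpoint needs one. At minimum reject blank input before calling the setter: `if (injectStr == null || injectStr.trim().isEmpty()) return "error";`. The `result` map is never used and `e.printStackTrace()` should be a logger call, since the catch currently hides which input failed and why. I would also document the method with a one-line Javadoc saying it replaces the runtime SQL-keyword blocklist used by `SQLInjectFilter` and that the change is process-wide and not persisted.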
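--- a/src/main/java/com/bsth/filter/SQLInjectFilter.java
+++ b/src/main/java/com/bsth/filter/SQLInjectFilter.java
@@ -12,6 +12,8 @@ import java.util.Enumeration;
 @Component
 public class SQLInjectFilter extends BaseFilter{
 
+    private static String injStr = "'|and|exec|create|insert|select|delete|update|count|*|%|chr|mid|master|truncate|drop|char|declare|+";
+
     @Override
     public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
             throws IOException, ServletException {
@@ -33,7 +35,6 @@ public class SQLInjectFilter extends BaseFilter{
     }
 
     private static boolean isSqlInject(String injectStr) {
-        String injStr = "'|and|exec|create|insert|select|delete|update|count|*|%|chr|mid|master|truncate|drop|char|declare|or|+";
         String injStrArr[] = injStr.split("\\|");
         injectStr = injectStr.toLowerCase();
         for (int i = 0; i < injStrArr.length; i++) {
@@ -43,4 +44,12 @@ public class SQLInjectFilter extends BaseFilter{
         }
         return false;
     }
+
+    public static String getInjStr() {
+        return injStr;
+    }
+
+    public static void setInjStr(String injStr) {
+        SQLInjectFilter.injStr = injStr;
+    }
 }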
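Review bot: `injStr` is now a mutable static written by `setInjStr` on a request thread and read by `isSqlInject` on every other request thread with no `volatile` or synchronization, so a new blocklist may not be visible to concurrent filter invocations; declare it `private static volatile String injStr = ...;` (or hold the split array in an `AtomicReference<String[]>` so the `split("\\|")` on every request goes away). The setter also accepts `null` and the empty string unchecked: `null` makes `injStr.split` throw on the next request, and `""` (or a leading/trailing `|`) yields an empty token, which presumably matches every input if the loop body outside the hunk is a `contains` check. Guard it: `if (injStr == null || injStr.isEmpty()) throw new IllegalArgumentException("injStr must not be empty");`. Both new accessors need Javadoc stating that the value is a `|`-separated, case-insensitive keyword list and that `isSqlInject` lowercases the input before matching.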