Commit daa00d51a3cede12b2961fbc736a768350ddf1f7
1 parent
c6771e8d
1.
Showing
1 changed file
with
7 additions
and
0 deletions
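--- a/src/main/java/com/bsth/filter/SQLInjectFilter.java
+++ b/src/main/java/com/bsth/filter/SQLInjectFilter.java
@@ -14,11 +14,18 @@ public class SQLInjectFilter extends BaseFilter{
 
 private static String injStr = "'|and|exec|create|insert|select|delete|update|count|*|%|chr|mid|master|truncate|drop|char|declare|+";
 
+private final static String specialUri = "adminUtils";
+
 @Override
 public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
 throws IOException, ServletException {
 //获取请求对象中的参数名称
 Enumeration enu = request.getParameterNames();
+String uri = request.getRequestURI();
+
+if (uri.indexOf(specialUri) > -1) {
+chain.doFilter(request, response);
+}
 
 //遍历枚举
 while (enu.hasMoreElements()) {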
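Review bot: The new bypass in doFilter has no `return;` after `chain.doFilter(request, response);`, so a request to the exempted endpoint still falls through to the parameter scan below and, depending on how the rest of the method (outside this hunk) ends, may be rejected anyway or have the chain invoked a second time. The exemption is also a substring test on `getRequestURI()`, which is the raw request path, so any URL that merely contains `adminUtils` anywhere skips the filter, not only the intended endpoint. I would compare `request.getServletPath()` for equality (or a fixed prefix) against the exact path of that endpoint and add `return;` inside the `if`. Since the keyword check is now switched off for that path, the handler behind it should rely on parameterized queries rather than on this filter.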