sql注入问题

6 years ago · b03b44a3c6
parent 7170fece88
commit b03b44a3c6
1 changed files with 3 additions and 0 deletions
--- a/src/main/java/net/mingsoft/cms/action/web/MCmsAction.java
+++ b/src/main/java/net/mingsoft/cms/action/web/MCmsAction.java
@ -200,6 +200,9 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 				return;
 			}
 		}
+		if(sqlFilter(orderby)){
+			orderby = "id";
+		}
 		PageBean page = new PageBean();
 		//根据文章编号查询栏目详情模版
 		CategoryEntity column = (CategoryEntity) categoryBiz.getEntity(Integer.parseInt(article.getContentCategoryId()));