!230 sql注入修复

Merge pull request !230 from 灰色DT/5.0.1
6 years ago · f6de61ea3b
parent e01cc46c3d 0ca41ed7c0
commit f6de61ea3b
3 changed files with 34 additions and 13 deletions
--- a/pom.xml
+++ b/pom.xml
@ -84,6 +84,7 @@
 		<dependency>
 			<groupId>net.mingsoft</groupId>
 			<artifactId>ms-upgrader</artifactId>
+			<version>1.0.16</version>
 		</dependency>
 	</dependencies>
 	<build>
--- a/src/main/java/net/mingsoft/cms/action/web/MCmsAction.java
+++ b/src/main/java/net/mingsoft/cms/action/web/MCmsAction.java
@ -55,6 +55,8 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;

 /**
 * 动态生成页面，需要后台配置自定义页数据
@ -378,8 +380,16 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 		} catch (IOException e1) {
 			e1.printStackTrace();
 		}
+		Map<String, Object> searchMap = BasicUtil.assemblyRequestMap();
+		searchMap.forEach((k,v)->{
+			//sql注入过滤
+			if(sqlFilter(v.toString())){
+				searchMap.put(k,"");
+			}
+		});
+
 		//查询数量
-		int count= contentBiz.getSearchCount(contentModel,fieldValueList,BasicUtil.assemblyRequestMap(),BasicUtil.getAppId(),categoryIds);
+		int count= contentBiz.getSearchCount(contentModel,fieldValueList,searchMap,BasicUtil.getAppId(),categoryIds);
 		int total = PageUtil.totalPage(count, size);

 		int pageNo = BasicUtil.getInt(ParserUtil.PAGE_NO, 1);
@ -412,7 +422,6 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 		page.setPreUrl(preUrl);
 		page.setLastUrl(lastUrl);
 		map.put(ParserUtil.URL, BasicUtil.getUrl());
-		Map<String, Object> searchMap = BasicUtil.assemblyRequestMap();
 		searchMap.put(ParserUtil.PAGE_NO, pageNo);
 		map.put(SEARCH, searchMap);
 		map.put(ParserUtil.PAGE, page);
@ -420,6 +429,7 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 		map.put(ParserUtil.IS_DO,false);
 		//设置动态请求的模块路径
 		map.put(ParserUtil.MODEL_NAME, "mcms");
+
 		//解析后的内容
 		String content = "";
 		try {
@ -437,6 +447,16 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
 		this.outString(response, content);
 	}

+    /**
+     * sql语句检测，存在返回true
+     * @param str
+     * @return
+     */
+	public static boolean sqlFilter(String str){
+		Pattern pattern= Pattern.compile("\\b(and|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare|or)\\b|(\\*|;|\\+|'|%)");
+		Matcher matcher=pattern.matcher(str);
+		return matcher.find();
+	}

 	private Map get(String key, List<Map> fields) {
 		for (Map field : fields) {
@ -472,4 +492,4 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {



-}
+}
--- a/src/main/java/net/mingsoft/cms/dao/IContentDao.xml
+++ b/src/main/java/net/mingsoft/cms/dao/IContentDao.xml
@ -259,33 +259,33 @@
 		<where>
 			a.app_id = #{websiteId}
 			<if test="ids!=null and ids!=''">
-				and FIND_IN_SET(content_category_id,'${ids}')
+				and FIND_IN_SET(content_category_id,#{ids})
 			</if>
 			<if test="map.content_title!=null">
-			and a.content_title like CONCAT("%",'${map.content_title}',"%")
+			and a.content_title like CONCAT("%",#{map.content_title},"%")
 			</if>
 			<if test="map.content_author!=null">
-			and a.content_author like CONCAT("%",'${map.content_author}',"%")
+			and a.content_author like CONCAT("%",#{map.content_author},"%")
 			</if>
 			<if test="map.content_source!=null">
-			and a.content_source like CONCAT("%",'${map.content_source}',"%")
+			and a.content_source like CONCAT("%",#{map.content_source},"%")
 			</if>
 			<if test="map.content_type!=null">
-			and a.content_type like CONCAT("%",'${map.content_type}',"%")
+			and a.content_type like CONCAT("%",#{map.content_type},"%")
 			</if>
 			<if test="map.content_description!=null">
-			and a.content_description like CONCAT("%",'${map.content_description}',"%")
+			and a.content_description like CONCAT("%",#{map.content_description},"%")
 			</if>
 			<if test="map.content_keyword!=null">
-			and a.content_keyword like CONCAT("%",'${map.content_keyword}',"%")
+			and a.content_keyword like CONCAT("%",#{map.content_keyword},"%")
 			</if>
 			<if test="map.content_details!=null">
-			and a.content_details like CONCAT("%",'${map.content_details}',"%")
+			and a.content_details like CONCAT("%",#{map.content_details},"%")
 			</if>
 			<if test="tableName!=null and tableName!='' and diyMap!=null">
 				<foreach item="item" index="index" collection="diyList" open=""
 						 separator="" close="">
-					and d.${item.key} like CONCAT("%",'${item.value}',"%")
+					and d.${item.key} like CONCAT("%",#{item.value},"%")
 				</foreach>
 			</if>
 		</where>
@ -293,4 +293,4 @@
 	</select>


-</mapper>
+</mapper>