修复sql的XSS

钱涛 2022-06-28 16:08:20 +08:00
parent b64f34a14c
commit 63ce165a74
1 changed files with 4 additions and 0 deletions


@ -139,6 +139,10 @@ public class SalaryFormulaServiceImpl extends Service implements SalaryFormulaSe
//将select因XSS过滤造成的异常字符转换回来
param.setFormula(param.getFormula().replaceAll("", "select"));
param.setFormula(param.getFormula().replaceAll("", "and"));
param.setFormula(param.getFormula().replaceAll("", "or"));
param.setFormula(param.getFormula().replaceAll("", "in"));
param.setFormula(param.getFormula().replaceAll("", "like"));
}
//试运行公式
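Review bot: The added `replaceAll` calls for `and`, `or`, `in` and `like` extend a pattern that undoes the input filter across the whole formula string, so every keyword the filter neutralised is restored wherever it appeared. If the formula is later concatenated into a SQL statement or echoed into a page, which this hunk does not show, the filter no longer protects that path. It would be safer to exempt this one field from the filter at the request boundary and validate the formula against an allow-list of permitted tokens, with parameter binding wherever it touches SQL. The first arguments render as empty strings on this page, presumably because the escaped tokens were lost in display; since `replaceAll` treats its first argument as a regex, a literal `param.setFormula(param.getFormula().replace(TOKEN, "and"));` is the better fit, where TOKEN is a placeholder for the filter's escaped form. The enclosing block opens above the hunk, so any null check on `getFormula()` is not visible here.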