From 63ce165a74130775530dd0bbedda5c4dbb89e76f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=92=B1=E6=B6=9B?= <15850646081@163.com>
Date: Tue, 28 Jun 2022 16:08:20 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8Dsql=E7=9A=84XSS?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../engine/salary/service/impl/SalaryFormulaServiceImpl.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/com/engine/salary/service/impl/SalaryFormulaServiceImpl.java b/src/com/engine/salary/service/impl/SalaryFormulaServiceImpl.java
index ee74cd25f..0caa559b7 100644
--- a/src/com/engine/salary/service/impl/SalaryFormulaServiceImpl.java
+++ b/src/com/engine/salary/service/impl/SalaryFormulaServiceImpl.java
@@ -139,6 +139,10 @@ public class SalaryFormulaServiceImpl extends Service implements SalaryFormulaSe
 //将select因XSS过滤造成的异常字符转换回来
 param.setFormula(param.getFormula().replaceAll("select", "select"));
+ param.setFormula(param.getFormula().replaceAll("and", "and"));
+ param.setFormula(param.getFormula().replaceAll("or", "or"));
+ param.setFormula(param.getFormula().replaceAll("in", "in"));
+ param.setFormula(param.getFormula().replaceAll("like", "like"));
 }
 //试运行公式
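Review bot: As rendered, every added line substitutes a keyword with itself (`replaceAll("and", "and")`), which is a no-op unless the search literal actually contains the characters the upstream XSS filter inserted and this listing has normalized them away; if that is the intent, the search literal should visibly differ from the replacement, and `String.replace` (or `Pattern.quote`) should be used instead of `replaceAll`, which treats its first argument as a regex. Even with the correct literals, bare `in`, `or` and `and` also match inside other tokens (`index`, `order`, `floor`), so the restoration would rewrite more than SQL keywords; anchoring on word boundaries, e.g. `replaceAll("\\bin\\b", "in")`, limits it to whole words. More fundamentally, these lines undo the XSS filter's mangling of SQL keywords in a user-supplied formula immediately before it is trial-run (`//试运行公式`); if that formula is ever concatenated into a SQL statement downstream, restoring `select`/`and`/`or`/`in`/`like` reopens exactly the injection path the filter was blocking, and the safer fix is to validate the formula against an allowed grammar or execute it with bound parameters rather than to decode keywords. The enclosing method starts and ends outside the hunk, and how the formula is executed is not visible here, so the injection risk is inferred from the comments rather than shown.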