From 132ff7a58dfb5ce8b74fca4ebf31a7abaa1d1499 Mon Sep 17 00:00:00 2001
From: thinkgem
Date: Fri, 19 Apr 2024 19:03:00 +0800
Subject: [PATCH] =?UTF-8?q?update=20=E6=8E=92=E9=99=A4=20char?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../java/com/jeesite/common/codec/EncodeUtils.java | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java b/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java
index 9fac6b1f..b0a9814b 100644
--- a/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java
+++ b/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java
@@ -258,12 +258,6 @@ public class EncodeUtils {
 case '\"':
 sb.append(""");
 break;
-// case '&':
-// sb.append("&");
-// break;
-// case '#':
-// sb.append("#");
-// break;
 default:
 sb.append(c);
 break;
@@ -282,10 +276,9 @@ public class EncodeUtils {
 // 预编译SQL过滤正则表达式
 private static Pattern sqlPattern = Pattern.compile(
- "(?:')|(?:--)|(/\\*(?:.|[\\n\\r])*?\\*/)|((extractvalue|updatexml|if|mid|database|rand|user)([\\s]*?)\\()|"
- + "(\\b(select|update|and|or|delete|insert|trancate|char|into|substr|ascii|declare|exec|count|master|into|"
- + "drop|execute|case when|sleep|union|load_file)\\b)",
- Pattern.CASE_INSENSITIVE);
+ "(?:')|(?:--)|(/\\*(?:.|[\\n\\r])*?\\*/)|((extractvalue|updatexml|if|mid|database|rand|user)([\\s]*?)\\()"
+ + "|(\\b(select|update|and|or|delete|insert|trancate|substr|ascii|declare|exec|count|master|into"
+ + "|drop|execute|case when|sleep|union|load_file)\\b)", Pattern.CASE_INSENSITIVE);
 private static Pattern orderByPattern = Pattern.compile("[a-z0-9_\\.\\, ]*", Pattern.CASE_INSENSITIVE);
 /**
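Review bot: The keyword alternation in the rebuilt `sqlPattern` still spells `trancate`, so the statement keyword `truncate` is not covered by the filter, and `case when` matches only when the two words are separated by exactly one space character; in the new string these would read `insert|truncate|substr` and `execute|case\\s+when|sleep`. Dropping `char` loosens the denylist further (presumably to stop false positives on ordinary input, though the commit message gives no reason), so a short comment above the field recording why it was removed would help the next maintainer. The callers of `sqlPattern` are outside this hunk; if any of them rely on this pattern as the only barrier before SQL text is assembled, the values should be bound through parameterized statements, with this filter kept as defence in depth. The field could also be declared `private static final`, since it is compiled once and never reassigned in the lines shown.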