From 1b32b7700ac46c08bd8716deb2ffd58964ae16f1 Mon Sep 17 00:00:00 2001 From: thinkgem Date: Fri, 7 Feb 2025 20:44:16 +0800 Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E9=BB=98=E8=AE=A4=E5=80=BC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/main/java/com/jeesite/common/codec/EncodeUtils.java | 6 +++--- .../core/src/main/resources/views/modules/sys/sysLogin.html | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java b/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java index f1804166..1e5ad944 100644 --- a/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java +++ b/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java @@ -266,7 +266,7 @@ public class EncodeUtils { "(?:')|(?:--)|(/\\*(?:.|[\\n\\r])*?\\*/)|((extractvalue|updatexml|if|mid|database|rand|user)([\\s]*?)\\()" + "|(\\b(select|update|and|or|delete|insert|trancate|substr|ascii|declare|exec|count|master|into" + "|drop|execute|case when|sleep|union|load_file)\\b)", Pattern.CASE_INSENSITIVE); - private static final Pattern orderByPattern = Pattern.compile("[a-z0-9_\\.\\, ]*", Pattern.CASE_INSENSITIVE); + private static final Pattern simplePattern = Pattern.compile("[a-z0-9_\\.\\, ]*", Pattern.CASE_INSENSITIVE); /** * SQL过滤,防止注入,传入参数输入有select相关代码,替换空。 @@ -283,8 +283,8 @@ public class EncodeUtils { public static String sqlFilter(String text, String source){ if (text != null){ String value = text; - if ("orderBy".equals(source)) { - Matcher matcher = orderByPattern.matcher(value); + if ("simple".equals(source) || "orderBy".equals(source)) { + Matcher matcher = simplePattern.matcher(value); if (!matcher.matches()) { value = StringUtils.EMPTY; } diff --git a/modules/core/src/main/resources/views/modules/sys/sysLogin.html b/modules/core/src/main/resources/views/modules/sys/sysLogin.html index 80a36fb8..1034be5f 100644 
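Review bot: In the `@@ -283,8 +283,8 @@` hunk of EncodeUtils.java the new `"simple"` source is validated only by the shared allowlist `[a-z0-9_\\.\\, ]*`, which accepts spaces and commas and so lets through any run of bare words, reserved words included. Whether `sqlPattern` is also applied on this branch cannot be seen, because the body of `sqlFilter` continues past the hunk. If callers of `"simple"` pass a single column or table name, a tighter dedicated pattern such as `Pattern.compile("[a-z0-9_]+(\\.[a-z0-9_]+)*", Pattern.CASE_INSENSITIVE)` would fit better, and the filtered value should still be mapped to known names or bound as a parameter rather than concatenated into SQL. The Javadoc above `sqlFilter` should list `simple` beside `orderBy` and state that input failing the allowlist is replaced by an empty string.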
--- a/modules/core/src/main/resources/views/modules/sys/sysLogin.html
+++ b/modules/core/src/main/resources/views/modules/sys/sysLogin.html
@@ -56,7 +56,9 @@
 <% if(@Global.getConfigToBoolean('user.loginCodeCorpUnique', 'false')){ %>
<#form:treeselect id="switchCorpSelect" title="${text('登录租户')}" allowClear="false"
- name="param_corpCode" url="${ctxAdmin}/sys/corpAdmin/treeData?isShowCode=true" placeholder="${text('登录租户')}"/>
+ name="param_corpCode" value="${@CorpUtils.getCurrentCorpCode()}"
+ labelValue="(${@CorpUtils.getCurrentCorpCode()}) ${@CorpUtils.getCurrentCorpName()}"
+ url="${ctxAdmin}/sys/corpAdmin/treeData?isShowCode=true" placeholder="${text('登录租户')}"/>
<% } %>
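Review bot: The added `labelValue` places `CorpUtils.getCurrentCorpName()` into a tag attribute on the login page, which is rendered before authentication, and nothing in the hunk shows that the value is HTML-encoded. Tenant names are stored data, so confirm that `<#form:treeselect>` encodes `value` and `labelValue` when it writes them out; if it does not, escape the name at this call site. It is also worth checking what `getCurrentCorpCode()` returns for an anonymous visitor, so the pre-selected tenant is an intended default. The surrounding markup is only partly visible here, so this is based on the changed attributes alone.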