From 4e6e22e4dce10bb7bb38c8e98ce89c2be421d740 Mon Sep 17 00:00:00 2001
From: thinkgem
Date: Mon, 28 Sep 2020 15:11:27 +0800
Subject: [PATCH] =?UTF-8?q?sql=E8=BF=87=E6=BB=A4=E4=BC=98=E5=8C=96?= =?UTF-8?q?=E5=A2=9E=E5=8A=A0|sleep|union|load=5Ffile=E5=87=BD=E6=95=B0?= =?UTF-8?q?=E7=9A=84=E8=BF=87=E6=BB=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../com/jeesite/common/codec/EncodeUtils.java | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java b/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java
index 7122b698..ae012cc0 100644
--- a/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java
+++ b/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java
@@ -263,7 +263,7 @@ public class EncodeUtils {
 // 预编译SQL过滤正则表达式
 private static Pattern sqlPattern = Pattern.compile(
 "(?:')|(?:--)|(/\\*(?:.|[\\n\\r])*?\\*/)|((extractvalue|updatexml)([\\s]*?)\\()|"
- + "(\\b(select|update|and|or|delete|insert|trancate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute|case when)\\b)",
+ + "(\\b(select|update|and|or|delete|insert|trancate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute|case when|sleep|union|load_file)\\b)",
 Pattern.CASE_INSENSITIVE);
 /**
@@ -286,8 +286,8 @@ public class EncodeUtils {
 return null;
 }
-// public static void main(String[] args) {
-// int i = 0;
+ public static void main(String[] args) {
+ int i = 0;
 // xssFilter((++i)+"你好,我还在。");
 // xssFilter((++i)+"你好,加粗文字我还在。");
 // xssFilter(""+(++i)+"你好,\">加粗文字我还在。");
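Review bot: The alternation on the `+` line still spells `trancate`, so `truncate` is never matched, and `into` is listed twice; since the keyword list is being rewritten here anyway, the line should read `+ "(\\b(select|update|and|or|delete|insert|truncate|char|into|substr|ascii|declare|exec|count|master|drop|execute|case when|sleep|union|load_file)\\b)",`. A word denylist of this kind is defence in depth only: adding `sleep`, `union` and `load_file` narrows it but cannot make it complete, and a comment above the field such as `// Keyword denylist: defence in depth only, not a substitute for parameterized SQL` would stop readers treating `sqlFilter` as the SQL-injection control. The field on the context line is also a non-final static that nothing visible reassigns, so `private static final Pattern sqlPattern` matches how a compiled pattern is normally held.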
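Review bot: Re-enabling `main` on the `+` lines leaves a hand-run driver inside `EncodeUtils`, a production class in the `common` module that ships to every consumer; the calls it makes belong in a unit test that asserts on return values instead. The `xssFilter` lines beneath it stay commented out, so the driver also exercises only part of the class. `main` starts here but its body continues into the next hunk (`@@ -313`), where the `sqlFilter` calls are.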
@@ -313,10 +313,11 @@ public class EncodeUtils {
 // xssFilter(""+(++i)+"你好,hello我还在。");
 // xssFilter(""+(++i)+"你好,?abc=def&hello=123&world={\"a\":1}我还在。");
 // xssFilter(""+(++i)+"你好,?abc=def&hello=123&world={'a':1}我还在。");
-// sqlFilter((++i)+"你好,select * from xxx where abc=def and 1=1我还在。");
-// sqlFilter((++i)+"你好,insert into xxx values(1,2,3,4,5)我还在。");
-// sqlFilter((++i)+"你好,delete from xxx我还在。");
-// sqlFilter((++i)+"a.audit_result asc,case when 1 like case when length(database())=6 then 1 else exp(11111111111111111) end then 1 else 1/0 end");
-// }
+ sqlFilter((++i)+"你好,select * from xxx where abc=def and 1=1我还在。");
+ sqlFilter((++i)+"你好,insert into xxx values(1,2,3,4,5)我还在。");
+ sqlFilter((++i)+"你好,delete from xxx我还在。");
+ sqlFilter((++i)+"你好,a.audit_result asc,case when 1 like case when length(database())=6 then 1 else exp(11111111111111111) end then 1 else 1/0 end");
+ sqlFilter((++i)+"你好,if(1=2,1,SLEEP(10))");
+ }
 }
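Review bot: Of the three keywords this commit adds to `sqlPattern`, only `sleep` gets a sample input (`if(1=2,1,SLEEP(10))` on the last `+ sqlFilter` line); `union` and `load_file` have none, and every `sqlFilter` call discards its return value, so the new filtering is never actually checked. Each input should be paired with an assertion on what `sqlFilter` returns for it (its contract is not visible in this hunk), and sample inputs covering the two other keywords should sit alongside. `main` begins in the previous hunk (`@@ -286`), so its signature is outside this one.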