From 429f654733716bc0afc44c22effddcbede3c8de5 Mon Sep 17 00:00:00 2001
From: fit2cloud-chenyw
Date: Wed, 30 Apr 2025 15:41:10 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E5=AE=89=E5=85=A8=E6=BC=8F=E6=B4=9E-?= =?UTF-8?q?=E7=A4=BE=E5=8C=BA=E7=89=88=E6=9D=83=E9=99=90=E7=BB=95=E8=BF=87?= =?UTF-8?q?=20H2=20RCE=20Bypass?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../src/main/java/io/dataease/datasource/type/H2.java | 4 +++-
 .../java/io/dataease/auth/filter/CommunityTokenFilter.java | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/core/core-backend/src/main/java/io/dataease/datasource/type/H2.java b/core/core-backend/src/main/java/io/dataease/datasource/type/H2.java
index 91be8e92ad..e879e72219 100644
--- a/core/core-backend/src/main/java/io/dataease/datasource/type/H2.java
+++ b/core/core-backend/src/main/java/io/dataease/datasource/type/H2.java
@@ -3,16 +3,18 @@ package io.dataease.datasource.type;
 import io.dataease.exception.DEException;
 import io.dataease.extensions.datasource.vo.DatasourceConfiguration;
 import lombok.Data;
+import lombok.EqualsAndHashCode;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Component;
+@EqualsAndHashCode(callSuper = true)
 @Data
 @Component("h2")
 public class H2 extends DatasourceConfiguration {
 private String driver = "org.h2.Driver";
 public String getJdbc() {
- if (jdbc.contains("INIT") || jdbc.contains("RUNSCRIPT")) {
+ if (StringUtils.containsAnyIgnoreCase(jdbc, "INIT", "RUNSCRIPT")) {
 DEException.throwException("Has illegal parameter: " + jdbc);
 }
 return jdbc;
diff --git a/sdk/common/src/main/java/io/dataease/auth/filter/CommunityTokenFilter.java b/sdk/common/src/main/java/io/dataease/auth/filter/CommunityTokenFilter.java
index 91211b4de6..c2cc44fdd1 100644
--- a/sdk/common/src/main/java/io/dataease/auth/filter/CommunityTokenFilter.java
+++ b/sdk/common/src/main/java/io/dataease/auth/filter/CommunityTokenFilter.java
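Review bot: The guard in `getJdbc()` of H2.java is still a substring denylist over the whole URL, so it rejects only the two keywords it names and lets every other connection setting the driver understands through; ignoring case closes the reported bypass but not the class of problem. A sturdier check parses the settings that follow the first `;` and rejects any key that is not on a short allowlist of what the product needs, as sketched below (the set name is a placeholder, and the split should be confirmed against the driver's own URL parsing). The check also lives only in the getter, so code that reads the `jdbc` field directly would presumably skip it, which is worth confirming. The exception text echoes the full URL, which may carry credentials, so the sketch reports only the offending key. The method's closing brace lies outside the hunk.

```java
public String getJdbc() {
    // Settings follow the first ';' in the URL; accept only keys on an explicit allowlist.
    String[] parts = StringUtils.split(StringUtils.defaultString(jdbc), ';');
    for (int i = 1; i < parts.length; i++) {
        String key = StringUtils.upperCase(StringUtils.trim(StringUtils.substringBefore(parts[i], "=")));
        // ALLOWED_H2_SETTINGS: placeholder for a Set<String> of setting names the product supports
        if (!ALLOWED_H2_SETTINGS.contains(key)) {
            DEException.throwException("Has illegal parameter: " + key);
        }
    }
    return jdbc;
```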
@@ -61,6 +61,7 @@ public class CommunityTokenFilter implements Filter {
 String msg = URLEncoder.encode(e.getMessage(), StandardCharsets.UTF_8).replace("+", "%20");
 headers.add(headName, msg);
 sendResponseEntity(res, new ResponseEntity<>(e.getMessage(), headers, HttpStatus.UNAUTHORIZED));
+ return;
 }
 }
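Review bot: The 401 branch around the added `return;` still hands `e.getMessage()` to an unauthenticated caller twice, once URL-encoded in the `headName` header and once as the response body, so whatever the token check puts into its exception text is disclosed to anyone probing the endpoint. Consider logging the exception server-side and answering with a fixed message, for example `new ResponseEntity<>("Unauthorized", headers, HttpStatus.UNAUTHORIZED)`, unless a client is known to depend on the detailed text. The `return;` itself deserves a comment such as `// 401 already written; the request must not continue down the filter chain`, and a regression test asserting that a rejected token never reaches the downstream handler. The enclosing method starts and ends outside the hunk, so whether any other path falls through after an error response cannot be judged from here.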