From 7e1829593cebc890777dbdd7c23a49a0f36a09cc Mon Sep 17 00:00:00 2001
From: taojinlong <jinlong@fit2cloud.com>
Date: Wed, 25 Feb 2026 16:42:17 +0800
Subject: [PATCH] =?UTF-8?q?fix:=E3=80=90=E6=BC=8F=E6=B4=9E=E3=80=91?=
 =?UTF-8?q?=E4=BF=AE=E5=A4=8D=20H2=20JDBC=20RCE=20Bypass?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../src/main/java/io/dataease/datasource/type/H2.java          | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/core/core-backend/src/main/java/io/dataease/datasource/type/H2.java b/core/core-backend/src/main/java/io/dataease/datasource/type/H2.java
index 5b9ac19da7..ae91feb9e4 100644
--- a/core/core-backend/src/main/java/io/dataease/datasource/type/H2.java
+++ b/core/core-backend/src/main/java/io/dataease/datasource/type/H2.java
@@ -9,6 +9,7 @@ import org.springframework.stereotype.Component;
 
 import java.util.Arrays;
 import java.util.List;
+import java.util.Locale;
 
 @EqualsAndHashCode(callSuper = true)
 @Data
@@ -18,7 +19,7 @@ public class H2 extends DatasourceConfiguration {
 
     public String getJdbc() {
         for (String illegalParameter : getH2IllegalParameters()) {
-            if (jdbc.toUpperCase().replace("\\", "").contains(illegalParameter)) {
+            if (jdbc.toUpperCase(Locale.ENGLISH).replace("\\", "").contains(illegalParameter)) {
                 DEException.throwException("Has illegal parameter: " + jdbc);
             }
         }