public/dataease
1
0
Fork 0
mirror of https://github.com/dataease/dataease.git synced 2026-05-16 05:50:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7703 from dataease/pr@dev-v2@fixds

Browse Source 
fix: 限制 mysql 非法参数
This commit is contained in:
taojinlong
2024-01-18 17:55:59 +08:00
committed by GitHub
parent 34bd4fe0a0 4128adf5fc
commit b9efdf30f4
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java
View File

@@ -6,6 +6,7 @@ import lombok.Data;
import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Component;
import java.net.URLDecoder;
import java.util.Arrays;
import java.util.List;
@@ -25,7 +26,7 @@ public class Mysql extends DatasourceConfiguration {
.replace("DATABASE", getDataBase().trim());
} else {
for (String illegalParameter : illegalParameters) {
if (getExtraParams().toLowerCase().contains(illegalParameter.toLowerCase())) {
if (getExtraParams().toLowerCase().contains(illegalParameter.toLowerCase()) || URLDecoder.decode(getExtraParams()).contains(illegalParameter.toLowerCase())) {
DEException.throwException("Illegal parameter: " + illegalParameter);
}
}