diff --git a/core/core-backend/src/main/java/io/dataease/datasource/server/DatasourceServer.java b/core/core-backend/src/main/java/io/dataease/datasource/server/DatasourceServer.java index 7019a45686..04493c2f74 100644 --- a/core/core-backend/src/main/java/io/dataease/datasource/server/DatasourceServer.java +++ b/core/core-backend/src/main/java/io/dataease/datasource/server/DatasourceServer.java @@ -672,6 +672,9 @@ public class DatasourceServer implements DatasourceApi { @Override public List getTables(DatasetTableDTO datasetTableDTO) throws DEException { CoreDatasource coreDatasource = datasourceMapper.selectById(datasetTableDTO.getDatasourceId()); + if (coreDatasource == null) { + DEException.throwException("无效数据源!"); + } DatasourceDTO datasourceDTO = new DatasourceDTO(); BeanUtils.copyBean(datasourceDTO, coreDatasource); DatasourceRequest datasourceRequest = new DatasourceRequest(); @@ -698,6 +701,11 @@ public class DatasourceServer implements DatasourceApi { public List getTableField(Map req) throws DEException { String tableName = req.get("tableName"); String datasourceId = req.get("datasourceId"); + DatasetTableDTO datasetTableDTO = new DatasetTableDTO(); + datasetTableDTO.setDatasourceId(Long.valueOf(datasourceId)); + if (!getTables(datasetTableDTO).stream().map(DatasetTableDTO::getTableName).collect(Collectors.toList()).contains("tableName")) { + DEException.throwException("无效的表名!"); + } CoreDatasource coreDatasource = datasourceMapper.selectById(datasourceId); DatasourceRequest datasourceRequest = new DatasourceRequest(); datasourceRequest.setDatasource(transDTO(coreDatasource)); diff --git a/core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java b/core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java index 91f77f9a5f..4f53448899 100644 --- a/core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java +++ b/core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java @@ -20,6 +20,11 @@ public class Mysql extends DatasourceConfiguration { public String getJdbc() { if(StringUtils.isNoneEmpty(getUrlType()) && !getUrlType().equalsIgnoreCase("hostName")){ + for (String illegalParameter : illegalParameters) { + if (getJdbcUrl().toLowerCase().contains(illegalParameter.toLowerCase()) || URLDecoder.decode(getExtraParams()).contains(illegalParameter.toLowerCase())) { + DEException.throwException("Illegal parameter: " + illegalParameter); + } + } return getJdbcUrl(); } if (StringUtils.isEmpty(extraParams.trim())) { diff --git a/core/core-frontend/src/views/visualized/data/datasource/index.vue b/core/core-frontend/src/views/visualized/data/datasource/index.vue index 607522ce79..cf41e7ae30 100644 --- a/core/core-frontend/src/views/visualized/data/datasource/index.vue +++ b/core/core-frontend/src/views/visualized/data/datasource/index.vue @@ -919,25 +919,29 @@ const handleClick = (tabName: TabPaneName) => { switch (tabName) { case 'config': tableData.value = [] - listDatasourceTables({ datasourceId: nodeInfo.id }).then(res => { - tabList.value = res.data.map(ele => { - const { name, tableName } = ele - return { - value: name, - label: tableName - } - }) - if (!!tabList.value.length && !activeTab.value) { - activeTab.value = tabList.value[0].value - if (nodeInfo.type === 'Excel') { + if (nodeInfo.type === 'Excel') { + listDatasourceTables({ datasourceId: nodeInfo.id }).then(res => { + tabList.value = res.data.map(ele => { + const { name, tableName } = ele + return { + value: name, + label: tableName + } + }) + if (!!tabList.value.length && !activeTab.value) { + activeTab.value = tabList.value[0].value handleTabClick(activeTab) } - } - tableData.value = res.data - }) + tableData.value = res.data + }) + } break case 'table': - initSearch() + tableData.value = [] + listDatasourceTables({ datasourceId: nodeInfo.id }).then(res => { + tableData.value = res.data + initSearch() + }) break default: break