From 3e95dd21f2e719dc127dde300953015d03941ce2 Mon Sep 17 00:00:00 2001
From: 若依 <yzz_ivy@163.com>
Date: 星期四, 31 八月 2023 10:17:32 +0800
Subject: [PATCH] !772 修改未登录访问需要登录的资源,在登录后重定向丢失请求参数问题 Merge pull request !772 from who's hu/pr

---
 ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java
index 40a800d..9f40118 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java
@@ -21,6 +21,11 @@
     public static String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,\\.]+";
 
     /**
+     * 限制orderBy最大长度
+     */
+    private static final int ORDER_BY_MAX_LENGTH = 500;
+
+    /**
      * 检查字符，防止注入绕过
      */
     public static String escapeOrderBySql(String value)
@@ -29,6 +34,10 @@
         {
             throw new UtilException("参数不符合规范，不能进行查询");
         }
+        if (StringUtils.length(value) > ORDER_BY_MAX_LENGTH)
+        {
+            throw new UtilException("参数已超过最大限制，不能进行查询");
+        }
         return value;
     }
 

--
Gitblit v1.9.2