From be0b36f6b928c349a197092cc4695d6825777736 Mon Sep 17 00:00:00 2001
From: yangfanao <2364917935@qq.com>
Date: 星期二, 25 四月 2023 17:35:36 +0800
Subject: [PATCH] update ruoyi-ui/src/layout/components/Sidebar/Logo.vue. 修改了第38行的/* title: '若依后台管理系统', */ 为/* title: process.env.VUE_APP_TITLE, */,使得侧边栏的平台标题内容可以和vue.config.js里面的process.env.VUE_APP_TITLE保持同步。
---
 ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java | 6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java
index 71a7ae1..40a800d 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java
@@ -13,7 +13,7 @@
 /**
 * 定义常用的 sql关键字
 */
- public static String SQL_REGEX = "select |insert |delete |update |drop |count |exec |chr |mid |master |truncate |char |and |declare ";
+ public static String SQL_REGEX = "and |extractvalue|updatexml|exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |or |+|user()";
 
 /**
 * 仅支持字母、数字、下划线、空格、逗号、小数点(支持多个字段排序)
@@ -50,9 +50,9 @@
 return;
 }
 String[] sqlKeywords = StringUtils.split(SQL_REGEX, "\\|");
- for (int i = 0; i < sqlKeywords.length; i++)
+ for (String sqlKeyword : sqlKeywords)
 {
- if (StringUtils.indexOfIgnoreCase(value, sqlKeywords[i]) > -1)
+ if (StringUtils.indexOfIgnoreCase(value, sqlKeyword) > -1)
 {
 throw new UtilException("参数存在SQL注入风险");
 }
-- 
Gitblit v1.9.2
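Review bot: The widened `SQL_REGEX` list on the added line matches short fragments such as `or `, `and ` and `+` as plain case-insensitive substrings, so any value that merely contains them (a word ending in "or" followed by a space, anything with a plus sign) is rejected, while a keyword followed by something other than a literal space is still not matched. A deny-list like this should stay a secondary check behind bound parameters and the allow-list that the following Javadoc appears to describe, and the field comment should say so, e.g. `/** Pipe-separated literal substrings (not a regex); defence in depth only, never a substitute for bound parameters. */`. The field is also `public static` and non-final, so any code can replace the list at run time; `public static final String SQL_REGEX = ...` would close that. The commit subject describes a Logo.vue title change, so this filter change is not recorded in the history.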
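Review bot: `StringUtils.split(SQL_REGEX, "\\|")`, the context line just above the rewritten loop, is evaluated on every call, and if this is the commons-lang `split` its second argument is a set of separator characters rather than a regex, so `"\\|"` splits on backslash as well as pipe. Assuming the list is not meant to change at run time, splitting once into a constant, `private static final String[] SQL_KEYWORDS = StringUtils.split(SQL_REGEX, "|");`, and iterating `for (String sqlKeyword : SQL_KEYWORDS)` keeps the check cheap and makes the separator explicit. The visible lines throw `UtilException` without a log entry; unless a caller already logs it, a warn-level log before the throw would make repeated rejections visible to monitoring. The enclosing method starts and ends outside the hunk.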