何书鹏 / jinzhupro · 提交

转到一个项目

作者 Karson
提交 0a164777fee1fddaa2ba319d4dd27516df206cb1 1 个父辈 dd83a625

新增搜索字段安全检测 

修复find_in_set多值时无法查询的BUG
移除冗余查询代码
内嵌 并排对比
正在显示 2 个修改的文件 包含 12 行增加6 行删除
@@ -96,6 +96,9 @@ return [ @@ -96,6 +96,9 @@ return [
96 'End time' => '结束时间', 96 'End time' => '结束时间',
97 'Create time' => '创建时间', 97 'Create time' => '创建时间',
98 'Update time' => '更新时间', 98 'Update time' => '更新时间',
  99 + 'Createtime' => '创建时间',
  100 + 'Updatetime' => '更新时间',
  101 + 'Deletetime' => '删除时间',
99 'Flag' => '标志', 102 'Flag' => '标志',
100 'Drag to sort' => '拖动进行排序', 103 'Drag to sort' => '拖动进行排序',
101 'Redirect now' => '立即跳转', 104 'Redirect now' => '立即跳转',
@@ -266,7 +266,6 @@ class Backend extends Controller @@ -266,7 +266,6 @@ class Backend extends Controller
266 $tableName = ''; 266 $tableName = '';
267 if ($relationSearch) { 267 if ($relationSearch) {
268 if (!empty($this->model)) { 268 if (!empty($this->model)) {
269 - $name = \think\Loader::parseName(basename(str_replace('\\', '/', get_class($this->model))));  
270 $name = $this->model->getTable(); 269 $name = $this->model->getTable();
271 $tableName = $name . '.'; 270 $tableName = $name . '.';
272 } 271 }
@@ -290,6 +289,9 @@ class Backend extends Controller @@ -290,6 +289,9 @@ class Backend extends Controller
290 $where[] = [implode("|", $searcharr), "LIKE", "%{$search}%"]; 289 $where[] = [implode("|", $searcharr), "LIKE", "%{$search}%"];
291 } 290 }
292 foreach ($filter as $k => $v) { 291 foreach ($filter as $k => $v) {
  292 + if (!preg_match('/^[a-zA-Z0-9_\-\.]+$/', $k)) {
  293 + continue;
  294 + }
293 $sym = isset($op[$k]) ? $op[$k] : '='; 295 $sym = isset($op[$k]) ? $op[$k] : '=';
294 if (stripos($k, ".") === false) { 296 if (stripos($k, ".") === false) {
295 $k = $tableName . $k; 297 $k = $tableName . $k;
@@ -327,7 +329,12 @@ class Backend extends Controller @@ -327,7 +329,12 @@ class Backend extends Controller
327 case 'FINDIN': 329 case 'FINDIN':
328 case 'FINDINSET': 330 case 'FINDINSET':
329 case 'FIND_IN_SET': 331 case 'FIND_IN_SET':
330 - $where[] = "FIND_IN_SET('{$v}', " . ($relationSearch ? $k : '`' . str_replace('.', '`.`', $k) . '`') . ")"; 332 + $v = is_array($v) ? $v : explode(',', str_replace(' ', ',', $v));
  333 + foreach ($v as $index => $item) {
  334 + $item = str_replace([' ', ',', "'"], '', $item);
  335 + $item = addslashes(htmlentities(strip_tags($item)));
  336 + $where[] = "FIND_IN_SET('{$item}', `" . ($relationSearch ? str_replace('.', '`.`', $k) : $k) . "`)";
  337 + }
331 break; 338 break;
332 case 'IN': 339 case 'IN':
333 case 'IN(...)': 340 case 'IN(...)':
@@ -368,10 +375,6 @@ class Backend extends Controller @@ -368,10 +375,6 @@ class Backend extends Controller
368 } 375 }
369 $where[] = [$k, str_replace('RANGE', 'BETWEEN', $sym) . ' time', $arr]; 376 $where[] = [$k, str_replace('RANGE', 'BETWEEN', $sym) . ' time', $arr];
370 break; 377 break;
371 - case 'LIKE':  
372 - case 'LIKE %...%':  
373 - $where[] = [$k, 'LIKE', "%{$v}%"];  
374 - break;  
375 case 'NULL': 378 case 'NULL':
376 case 'IS NULL': 379 case 'IS NULL':
377 case 'NOT NULL': 380 case 'NOT NULL':