⚡ 修复mybatis-plus排序字段的sql注入问题，优化saber代码生成模板

2019-07-02 16:02:22 +08:00 · 2019-07-02 16:02:22 +08:00 · 9d107e3696
parent eb9ddd1b7e
commit 9d107e3696
1 changed files with 1 additions and 1 deletions
--- a/blade-core-mybatis/src/main/java/org/springblade/core/mp/support/SqlKeyword.java
+++ b/blade-core-mybatis/src/main/java/org/springblade/core/mp/support/SqlKeyword.java
@ -28,7 +28,7 @@ import java.util.Map;
 * @author Chill
 */
 public class SqlKeyword {
-	private final static String SQL_REGEX = "'|%|--|insert|delete|update|select|count|group|union|create|drop|truncate|alter|grant|execute|exec|xp_cmdshell|call|declare|sql";
+	private final static String SQL_REGEX = "'|%|--|insert|delete|update|select|count|group|union|drop|truncate|alter|grant|execute|exec|xp_cmdshell|call|declare|sql";

 	private static final String EQUAL = "_equal";
 	private static final String NOT_EQUAL = "_notequal";