⚡ SqlKeyword类增加特殊字符清除逻辑

blade-core-mybatis/src/main/java/org/springblade/core/mp/base/BaseEntity.java

@@ -50,14 +50,14 @@ public class BaseEntity implements Serializable {
 	 * 创建人
 	 */
 	@JsonSerialize(using = ToStringSerializer.class)
-	@Schema(description = "创建人")
+	@Schema(description = "创建人", hidden = true)
 	private Long createUser;
 
 	/**
 	 * 创建部门
 	 */
 	@JsonSerialize(using = ToStringSerializer.class)
-	@Schema(description = "创建部门")
+	@Schema(description = "创建部门", hidden = true)
 	private Long createDept;
 
 	/**
@@ -65,14 +65,14 @@ public class BaseEntity implements Serializable {
 	 */
 	@DateTimeFormat(pattern = DateUtil.PATTERN_DATETIME)
 	@JsonFormat(pattern = DateUtil.PATTERN_DATETIME)
-	@Schema(description = "创建时间")
+	@Schema(description = "创建时间", hidden = true)
 	private Date createTime;
 
 	/**
 	 * 更新人
 	 */
 	@JsonSerialize(using = ToStringSerializer.class)
-	@Schema(description = "更新人")
+	@Schema(description = "更新人", hidden = true)
 	private Long updateUser;
 
 	/**
@@ -80,19 +80,19 @@ public class BaseEntity implements Serializable {
 	 */
 	@DateTimeFormat(pattern = DateUtil.PATTERN_DATETIME)
 	@JsonFormat(pattern = DateUtil.PATTERN_DATETIME)
-	@Schema(description = "更新时间")
+	@Schema(description = "更新时间", hidden = true)
 	private Date updateTime;
 
 	/**
 	 * 状态[1:正常]
 	 */
-	@Schema(description = "业务状态")
+	@Schema(description = "业务状态", hidden = true)
 	private Integer status;
 
 	/**
 	 * 状态[0:未删除,1:删除]
 	 */
 	@TableLogic
-	@Schema(description = "是否已删除")
+	@Schema(description = "是否已删除", hidden = true)
 	private Integer isDeleted;
 }

blade-core-mybatis/src/main/java/org/springblade/core/mp/support/SqlKeyword.java

@@ -138,11 +138,13 @@ public class SqlKeyword {
 	 */
 	@SneakyThrows(SQLException.class)
 	public static String filter(String param) {
-		if (param == null) {
+		// 清除特殊字符
+		String cleaned = StringUtil.cleanIdentifier(param);
+		if (cleaned == null) {
 			return null;
 		}
 		// 将校验到的sql关键词替换为空字符串
-		String sql = param.replaceAll(SQL_REGEX, StringPool.EMPTY);
+		String sql = cleaned.replaceAll(SQL_REGEX, StringPool.EMPTY);
 		// 二次校验，避免双写绕过等情况出现
 		if (match(sql)) {
 			throw new SQLException(SQL_INJECTION_MESSAGE);

blade-core-swagger/src/main/java/org/springblade/core/swagger/SwaggerLauncherServiceImpl.java

@@ -34,11 +34,15 @@ public class SwaggerLauncherServiceImpl implements LauncherService {
 	public void launcher(SpringApplicationBuilder builder, String appName, String profile) {
 		Properties props = System.getProperties();
 		if (profile.equals(AppConstant.PROD_CODE)) {
-			props.setProperty("knife4j.production", "true");
 			props.setProperty("swagger.enabled", "false");
+			props.setProperty("knife4j.enable", "false");
+			props.setProperty("knife4j.production", "true");
+		} else {
+			props.setProperty("swagger.enabled", "true");
+			props.setProperty("knife4j.enable", "true");
+			props.setProperty("knife4j.production", "false");
+			props.setProperty("spring.mvc.pathmatch.matching-strategy", "ANT_PATH_MATCHER");
 		}
-		props.setProperty("knife4j.enable", "true");
-		props.setProperty("spring.mvc.pathmatch.matching-strategy", "ANT_PATH_MATCHER");
 	}
 
 	@Override

blade-core-swagger/src/main/resources/blade-swagger.yml

@@ -8,6 +8,8 @@ springdoc:
   api-docs:
     enabled: true
     path: /v3/api-docs
+  # 默认是false，需要设置为true
+  default-flat-param-object: true
 
 #knife4j配置
 knife4j: