
Commit 2f4574e

Server:预编译模式下支持 key{}:"conditions" 实现部分简单的数学表达式
1 parent 93c53d4 commit 2f4574e


1 file changed

+16
-7
lines changed


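--- a/APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java
+++ b/APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java
@@ -21,11 +21,11 @@
 import static zuo.biao.apijson.JSONObject.KEY_HAVING;
 import static zuo.biao.apijson.JSONObject.KEY_ID;
 import static zuo.biao.apijson.JSONObject.KEY_ID_IN;
-import static zuo.biao.apijson.JSONObject.KEY_USER_ID;
-import static zuo.biao.apijson.JSONObject.KEY_USER_ID_IN;
 import static zuo.biao.apijson.JSONObject.KEY_ORDER;
 import static zuo.biao.apijson.JSONObject.KEY_ROLE;
 import static zuo.biao.apijson.JSONObject.KEY_SCHEMA;
+import static zuo.biao.apijson.JSONObject.KEY_USER_ID;
+import static zuo.biao.apijson.JSONObject.KEY_USER_ID_IN;
 import static zuo.biao.apijson.RequestMethod.DELETE;
 import static zuo.biao.apijson.RequestMethod.GET;
 import static zuo.biao.apijson.RequestMethod.POST;
@@ -43,6 +43,7 @@
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.Set;
+import java.util.regex.Pattern;
 
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONArray;
@@ -276,7 +277,7 @@ public String getHavingString() {
 return "";
 }
 if (isPrepared()) {
-throw new UnsupportedOperationException("预编译模式下不允许传 @having:\"condition\" !");
+throw new UnsupportedOperationException("字符串 " + having + " 不合法!预编译模式下不允许传 @having:\"condition\" !");
 }
 return " HAVING " + having;
 }
@@ -857,6 +858,14 @@ public String getRegExpString(String key, String value) {
 
 
 //{} range <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+
+// * 和 / 不能同时出现,防止 /* */ 段注释! # 和 -- 不能出现,防止行注释! ; 不能出现,防止隔断SQL语句!空格不能出现,防止 CRUD,DROP,SHOW TABLES等语句!
+private static final Pattern PATTERN_RANGE;
+static {
+PATTERN_RANGE = Pattern.compile("^[0-9%!=<>,]+$"); // ^[a-zA-Z0-9_*%!=<>(),"]+$ 导致 exists(select*from(Comment)) 通过!
+}
+
+
 /**WHERE key > 'key0' AND key <= 'key1' AND ...
 * @param key
 * @param range "condition0,condition1..."
@@ -881,6 +890,10 @@ public String getRangeString(String key, Object range) throws Exception {
 throw new IllegalArgumentException(key + "{}\":[] 中key末尾的逻辑运算符只能用'|','!'中的一种 !");
 }
 if (range instanceof String) {//非Number类型需要客户端拼接成 < 'value0', >= 'value1'这种
+if (isPrepared() && PATTERN_RANGE.matcher((String) range).matches() == false) {
+throw new UnsupportedOperationException("字符串 " + range + " 不合法!预编译模式下 key{}:\"condition\" 中 condition 必须符合正则表达式 ^[0-9%!=<>,]+$ !不允许空格!");
+}
+
 String[] conditions = StringUtil.split((String) range);
 String condition = "";
 if (conditions != null) {
@@ -896,10 +909,6 @@ public String getRangeString(String key, Object range) throws Exception {
 return "";
 }
 
-if (isPrepared()) {
-throw new UnsupportedOperationException("预编译模式下不允许传 key{}:\"condition\" !");
-}
-
 return getCondition(logic.isNot(), condition);
 }
 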