From 38678bd007aa804bf41b2052f00f29f2d3364cb9 Mon Sep 17 00:00:00 2001
From: TommyLemon <1184482681@qq.com>
Date: Sat, 26 Oct 2019 17:33:15 +0800
Subject: [PATCH] =?UTF-8?q?Server:=20APIJSONORM=20=E6=94=AF=E6=8C=81?=
=?UTF-8?q?=E5=9C=A8=20column=20=E7=9A=84=20SQL=20=E5=87=BD=E6=95=B0?=
=?UTF-8?q?=E9=87=8C=E4=BC=A0=E9=9D=9E=E5=AD=97=E6=AE=B5=E5=8F=82=E6=95=B0?=
=?UTF-8?q?=EF=BC=8C=E5=8F=AF=E7=94=A8=E4=BA=8E=E6=97=B6=E9=97=B4=E6=A0=BC?=
=?UTF-8?q?=E5=BC=8F=E5=8C=96=E7=AD=89=EF=BC=9B=E8=A7=A3=E5=86=B3=E5=AF=B9?=
=?UTF-8?q?=20SQL=20Server=20=E7=94=9F=E6=88=90=E7=9A=84=E6=80=A7=E8=83=BD?=
=?UTF-8?q?=E5=88=86=E6=9E=90=E8=AF=AD=E5=8F=A5=E9=94=99=E8=AF=AF=E5=AF=BC?=
=?UTF-8?q?=E8=87=B4=E6=8B=BF=E4=B8=8D=E5=88=B0=E6=AD=A3=E7=A1=AE=E7=9A=84?=
=?UTF-8?q?=E7=BB=93=E6=9E=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../APIJSONBoot/apijson-boot.iml | 66 +++++++++++++++++++
.../apijson/server/AbstractSQLConfig.java | 20 ++++--
.../apijson/server/AbstractSQLExecutor.java | 7 +-
3 files changed, 85 insertions(+), 8 deletions(-)
create mode 100644 APIJSON-Java-Server/APIJSONBoot/apijson-boot.iml
diff --git a/APIJSON-Java-Server/APIJSONBoot/apijson-boot.iml b/APIJSON-Java-Server/APIJSONBoot/apijson-boot.iml
new file mode 100644
index 000000000..9493b9dad
--- /dev/null
+++ b/APIJSON-Java-Server/APIJSONBoot/apijson-boot.iml
@@ -0,0 +1,66 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java b/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java
index a1483bfa8..601d9c625 100755
--- a/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java
+++ b/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java
@@ -856,16 +856,26 @@ public String getColumnString(boolean inSQLJoin) throws Exception {
}
}
else {
- if ((StringUtil.isName(origin) == false || origin.startsWith("_"))) {
+// if ((StringUtil.isName(origin) == false || origin.startsWith("_"))) {
+ if (origin.startsWith("_") || PATTERN_FUNCTION.matcher(origin).matches() == false) {
throw new IllegalArgumentException("字符 " + ckeys[j] + " 不合法!"
+ "预编译模式下 @column:\"column0,column1:alias;function0(arg0,arg1,...);function1(...):alias...\""
- + " 中所有 arg 都必须是1个不以 _ 开头的单词!DISTINCT 必须全大写,且后面必须有且只有 1 个空格!其它情况不允许空格!");
+ + " 中所有 arg 都必须是1个不以 _ 开头的单词 或者符合正则表达式 " + PATTERN_FUNCTION + " !DISTINCT 必须全大写,且后面必须有且只有 1 个空格!其它情况不允许空格!");
}
}
}
//JOIN 副表不再在外层加副表名前缀 userId AS `Commet.userId`, 而是直接 userId AS `userId`
- origin = quote + origin + quote;
+ if (StringUtil.isNumer(origin)) {
+ //do nothing
+ }
+ else if (StringUtil.isName(origin)) {
+ origin = quote + origin + quote;
+ }
+ else {
+ origin = getValue(origin).toString();
+ }
+
if (isKeyPrefix()) {
ckeys[j] = tableAlias + "." + origin;
// if (isColumn) {
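Review bot: A numeric literal or the string returned by `getValue(origin)` still flows into the unchanged `if (isKeyPrefix())` block below the new branch and is written as `tableAlias + "." + origin`, so a function argument like `123` would come out as `alias.123`. Only the `StringUtil.isName(origin)` case is a column reference; record that before quoting, e.g. `boolean nameArg = StringUtil.isName(origin);`, and prefix only when it is true, `if (isKeyPrefix() && nameArg) {`. The non-name branch also relies on `getValue` binding the argument as a prepared parameter rather than inlining it; that method is outside the hunk and should be confirmed, because the only filter in front of it is `PATTERN_FUNCTION`. The body of getColumnString starts and ends outside the hunk, so the else path of the prefix check is not visible here.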
@@ -1764,10 +1774,12 @@ public String getBetweenString(String key, Object start, Object end) throws Ille
// * 和 / 不能同时出现,防止 /* */ 段注释! # 和 -- 不能出现,防止行注释! ; 不能出现,防止隔断SQL语句!空格不能出现,防止 CRUD,DROP,SHOW TABLES等语句!
private static final Pattern PATTERN_RANGE;
+ private static final Pattern PATTERN_FUNCTION;
private static final Pattern PATTERN_HAVING;
private static final Pattern PATTERN_HAVING_SUFFIX;
static {
PATTERN_RANGE = Pattern.compile("^[0-9%!=<>,]+$"); // ^[a-zA-Z0-9_*%!=<>(),"]+$ 导致 exists(select*from(Comment)) 通过!
+ PATTERN_FUNCTION = Pattern.compile("^[A-Za-z0-9%-_:!=<> ]+$"); //TODO 改成更好的正则,校验前面为单词,中间为操作符,后面为值
PATTERN_HAVING = Pattern.compile("^[A-Za-z0-9%!=<>]+$"); //TODO 改成更好的正则,校验前面为单词,中间为操作符,后面为值
PATTERN_HAVING_SUFFIX = Pattern.compile("^[0-9%!=<>]+$"); // ^[a-zA-Z0-9_*%!=<>(),"]+$ 导致 exists(select*from(Comment)) 通过!
}
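Review bot: In the new `PATTERN_FUNCTION`, the sequence `%-_` inside the character class is a range from `%` to `_` rather than three literals, so the pattern also accepts `'`, `(`, `)`, `*`, `/`, `;`, `?` and `\`. These are the characters that the comment above the pattern declarations says must be rejected to keep comments and statement separators out of the SQL, and the class also allows a space, which that comment rules out as well. If the hyphen is meant literally, put it last and list only what a format argument needs, for example `PATTERN_FUNCTION = Pattern.compile("^[A-Za-z0-9%_:!=<> -]+$");`, and decide explicitly whether the space is required. Because this pattern is the only validation in getColumnString before the argument is passed to `getValue`, a unit test asserting that a quote, a semicolon and a parenthesis are rejected would pin the intended behaviour.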
@@ -2137,7 +2149,7 @@ public static String getSQL(AbstractSQLConfig config) throws Exception {
default:
config.setPreparedValueList(new ArrayList