fix: 限制 mysql 非法参数

dataease · Jan 18, 2024 · 4128adf · 4128adf
1 parent 4890307
commit 4128adf
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java b/core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java
@@ -6,6 +6,7 @@
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Component;
 
+import java.net.URLDecoder;
 import java.util.Arrays;
 import java.util.List;
 
@@ -25,7 +26,7 @@ public String getJdbc() {
                     .replace("DATABASE", getDataBase().trim());
         } else {
             for (String illegalParameter : illegalParameters) {
-                if (getExtraParams().toLowerCase().contains(illegalParameter.toLowerCase())) {
+                if (getExtraParams().toLowerCase().contains(illegalParameter.toLowerCase()) || URLDecoder.decode(getExtraParams()).contains(illegalParameter.toLowerCase())) {
                     DEException.throwException("Illegal parameter: " + illegalParameter);
                 }
             }