From 0ced772c403923d79825a0efc3db133a26ed9712 Mon Sep 17 00:00:00 2001
From: java110 <928255095@qq.com>
Date: 星期二, 19 十月 2021 13:37:55 +0800
Subject: [PATCH] 优化代码

---
 service-oa/src/main/java/com/java110/oa/cmd/oaWorkflow/UpdateOaWorkflowFormData.java |    7 +++----
 1 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/service-oa/src/main/java/com/java110/oa/cmd/oaWorkflow/UpdateOaWorkflowFormData.java b/service-oa/src/main/java/com/java110/oa/cmd/oaWorkflow/UpdateOaWorkflowFormData.java
index 1bb0f79..6c57c57 100644
--- a/service-oa/src/main/java/com/java110/oa/cmd/oaWorkflow/UpdateOaWorkflowFormData.java
+++ b/service-oa/src/main/java/com/java110/oa/cmd/oaWorkflow/UpdateOaWorkflowFormData.java
@@ -75,12 +75,11 @@
         }
 
         List<String> columns = new ArrayList<>();
-        List<String> values = new ArrayList<>();
         for (String key : reqJson.keySet()) {
-            if ("flowId".equals(key) || "id".equals(key)) {
+            if ("flowId".equals(key) || "id".equals(key) || "storeId".equals(key)) {
                 continue;
             }
-            columns.add(key + "=" + reqJson.getString(key));
+            columns.add(key + "='" + reqJson.getString(key)+"'");
 
             //绠�鍗曟牎楠�
             validateColumns(columns);
@@ -111,7 +110,7 @@
     }
 
     public static boolean containsSqlInjection(Object obj) {
-        Pattern pattern = Pattern.compile("\\b(exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare)\\b|(\\*|;|\\+|'|%)");
+        Pattern pattern = Pattern.compile("\\b(exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare)");
         Matcher matcher = pattern.matcher(obj.toString().toLowerCase());
         return matcher.find();
     }

--
Gitblit v1.8.0