• Home
• com.kukababy
• jdbc-plus
• 0.1.5
• source code
• Valid.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.kukababy.plus.pager.Valid Maven / Gradle / Ivy

package com.kukababy.plus.pager;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/**
 * 
 * 描述:
 * 
 * @author [email protected]
 * @date 2019年3月5日 下午10:46:38
 */
public class Valid {

	

	/**
	 * 
	 * 

	 * 
	 * 描述:
	 * 清除表达式里无效的字段命名，阻止无效客户端的攻击
	 * String validFields = "name,a.name;compName,b.name" ;
	 * 
	 * 
	 * @param sqlFilter
	 * @param validFields
	 */

	public static void cleanInvalidField(SqlFilter sqlFilter, String validFields) {

		List filters = sqlFilter.getFilters();
		if (validFields != null) {
			cleanInvalidField(filters, validFields);
		}
	}

	/**
	 * 
	 * 描述: 

	 * 
	 * 
	 * 清除表达式里无效的字段命名，阻止无效客户端的攻击
	 * String validFields = "name,a.name;compName,b.name" ;
	 * 
	 * 
	 * 
	 * 
	 * @param filters
	 * @param validFields
	 */
	public static void cleanInvalidField(List filters, String validFields) {
		if (validFields == null) {
			filters = null;
		}
		Map _validFields = new HashMap();
		if (validFields != null) {
			String dars[] = validFields.split(";");
			for (String dar : dars) {
				String fields[] = dar.split(",");
				_validFields.put(fields[0], fields[1]);
			}
		}

		if (filters != null && !filters.isEmpty()) {
			Iterator it = filters.iterator();
			while (it.hasNext()) {
				Filter filter = it.next();
				if (filter.getCol() == null) {
					it.remove();
				} else {
					String col = _validFields.get(filter.getCol());
					if (col == null) {
						it.remove();
					} else {
						filter.setCol(col);// 换成数据库支持的字段名
					}
				}
			}
		}
	}

	
}