Merge pull request #9381 from ulleo/dev

feat(X-Pack): 取消新建数据填报数据库表时对表名和字段名的敏感词校验
2024-04-26 17:59:30 +08:00 · 2024-04-26 17:59:30 +08:00 · 6c83c98405
commit 6c83c98405
parent 957a74e54e 53ae10d82c
1 changed files with 6 additions and 6 deletions
--- a/core/backend/src/main/java/io/dataease/provider/ext/MysqlExtDDLProvider.java
+++ b/core/backend/src/main/java/io/dataease/provider/ext/MysqlExtDDLProvider.java
@ -39,9 +39,9 @@ public class MysqlExtDDLProvider extends DefaultExtDDLProvider {
    @Override
    public String createTableSql(String table, List<ExtTableField> formFields) {
        //check inject
-        if (checkSqlInjection(table)) {
+        /*if (checkSqlInjection(table)) {
            throw new RuntimeException("包含SQL注入的参数，请检查参数！");
-        }
+        }*/

        List<ExtTableField.TableField> fields = convertTableFields(true, formFields);
        String fieldSql = convertTableFieldsString(table, fields);
@ -249,9 +249,9 @@ public class MysqlExtDDLProvider extends DefaultExtDDLProvider {
            }

            //check inject
-            if (checkSqlInjection(field.getColumnName())) {
+            /*if (checkSqlInjection(field.getColumnName())) {
                throw new RuntimeException("包含SQL注入的参数，请检查参数！");
-            }
+            }*/

            //column name
            str.append("`").append(field.getColumnName()).append("` ");
@ -345,9 +345,9 @@ public class MysqlExtDDLProvider extends DefaultExtDDLProvider {
        }

        //check inject
-        if (checkSqlInjection(table) || checkSqlInjection(indexField.getName())) {
+        /*if (checkSqlInjection(table) || checkSqlInjection(indexField.getName())) {
            throw new RuntimeException("包含SQL注入的参数，请检查参数！");
-        }
+        }*/

        int count = 0;
        for (ExtIndexField.ColumnSetting indexFieldColumn : indexField.getColumns()) {