From 4e3b2a7ae2a98e8171a0ebca4f9c6bb43437cd6f Mon Sep 17 00:00:00 2001
From: taojinlong
Date: Wed, 30 Nov 2022 15:17:37 +0800
Subject: [PATCH 1/3] =?UTF-8?q?fix:=20=E4=B8=8A=E4=BC=A0excel=E9=99=90?= =?UTF-8?q?=E5=88=B6=E6=96=87=E4=BB=B6=E5=A4=A7=E5=B0=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../io/dataease/commons/filter/SqlFilter.java | 58 +++++++++++--------
 1 file changed, 33 insertions(+), 25 deletions(-)
diff --git a/backend/src/main/java/io/dataease/commons/filter/SqlFilter.java b/backend/src/main/java/io/dataease/commons/filter/SqlFilter.java
index 6439f27b8e..37566a083c 100644
--- a/backend/src/main/java/io/dataease/commons/filter/SqlFilter.java
+++ b/backend/src/main/java/io/dataease/commons/filter/SqlFilter.java
@@ -12,10 +12,13 @@ import javax.servlet.*;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.*;
+import java.util.ArrayList;
+import java.util.List;
 public class SqlFilter implements Filter {
+ private List excludedUris = new ArrayList<>();
 @Override
 public void destroy() {
@@ -34,38 +37,43 @@ public class SqlFilter implements Filter {
 return;
 }
- String method = "GET";
- String param;
- XssAndSqlHttpServletRequestWrapper xssRequest = null;
- if (request instanceof HttpServletRequest) {
- method = ((HttpServletRequest) request).getMethod();
- xssRequest = new XssAndSqlHttpServletRequestWrapper((HttpServletRequest) request);
- }
- if ("POST".equalsIgnoreCase(method)) {
- param = this.getBodyString(xssRequest.getReader());
- if (StringUtils.isNotBlank(param)) {
- if (xssRequest.checkXSSAndSql(param)) {
- response.setCharacterEncoding("UTF-8");
- response.setContentType("application/json;charset=UTF-8");
- String msg = ThreadLocalContextHolder.getData().toString();
- DEException.throwException(msg);
- return;
+ if(excludedUris.contains(((HttpServletRequest) request).getRequestURI())){
+ chain.doFilter(request, response);
+ }else {
+ String method = "GET";
+ String param;
+ XssAndSqlHttpServletRequestWrapper xssRequest = null;
+ if (request instanceof HttpServletRequest) {
+ method = ((HttpServletRequest) request).getMethod();
+ xssRequest = new XssAndSqlHttpServletRequestWrapper((HttpServletRequest) request);
+ }
+ if ("POST".equalsIgnoreCase(method)) {
+ param = this.getBodyString(xssRequest.getReader());
+ if (StringUtils.isNotBlank(param)) {
+ if (xssRequest.checkXSSAndSql(param)) {
+ response.setCharacterEncoding("UTF-8");
+ response.setContentType("application/json;charset=UTF-8");
+ String msg = ThreadLocalContextHolder.getData().toString();
+ DEException.throwException(msg);
+ return;
+ }
 }
 }
+ if (xssRequest.checkParameter()) {
+ response.setCharacterEncoding("UTF-8");
+ response.setContentType("application/json;charset=UTF-8");
+ String msg = ThreadLocalContextHolder.getData().toString();
+ DEException.throwException(msg);
+ return;
+ }
+ chain.doFilter(xssRequest, response);
 }
- if (xssRequest.checkParameter()) {
- response.setCharacterEncoding("UTF-8");
- response.setContentType("application/json;charset=UTF-8");
- String msg = ThreadLocalContextHolder.getData().toString();
- DEException.throwException(msg);
- return;
- }
- chain.doFilter(xssRequest, response);
+
 }
 @Override
 public void init(FilterConfig filterConfig) throws ServletException {
-
+ excludedUris.add("/dataset/table/excel/upload");
 }
 // 获取request请求body中参数
From d1e09c33caf950eae03b8426537db00c3121ab11 Mon Sep 17 00:00:00 2001
From: taojinlong
Date: Wed, 30 Nov 2022 15:42:08 +0800
Subject: [PATCH 2/3] =?UTF-8?q?fix:=20sqlserver=20=E6=97=B6=E9=97=B4?= =?UTF-8?q?=E6=A0=BC=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../provider/query/sqlserver/SqlserverQueryProvider.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/backend/src/main/java/io/dataease/provider/query/sqlserver/SqlserverQueryProvider.java b/backend/src/main/java/io/dataease/provider/query/sqlserver/SqlserverQueryProvider.java
index 3e15036f49..1f0dd528ee 100644
--- a/backend/src/main/java/io/dataease/provider/query/sqlserver/SqlserverQueryProvider.java
+++ b/backend/src/main/java/io/dataease/provider/query/sqlserver/SqlserverQueryProvider.java
@@ -1338,8 +1338,9 @@ public class SqlserverQueryProvider extends QueryProvider {
 public List dateformat() {
 return JSONArray.parseArray("[\n" +
 "{\"dateformat\": \"102\", \"desc\": \"yyyy.mm.dd\"},\n" +
- "{\"dateformat\": \"23\", \"desc\": \"yyyy-mm-dd\"},\n" +
+ "{\"dateformat\": \"120\", \"desc\": \"yyyy-mm-dd\"},\n" +
 "{\"dateformat\": \"111\", \"desc\": \"yyyy/mm/dd\"},\n" +
+ "{\"dateformat\": \"112\", \"desc\": \"yyyymmdd\"},\n" +
 "{\"dateformat\": \"120\", \"desc\": \"yyyy-mm-dd hh:mi:ss\"}\n" +
 "]", Dateformat.class);
 }
From ba36f9d74d6b93e4c2b68915480a9abbba837a4b Mon Sep 17 00:00:00 2001
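Review bot: In SqlFilter.doFilter, a request whose URI is in `excludedUris` is forwarded with `chain.doFilter(request, response)` before any check runs, so `/dataset/table/excel/upload` now skips `checkParameter()` as well as the body scan and its query parameters reach the handler unfiltered. If the exclusion is only needed because the upload body should not be read as a string, the exemption can be limited to the body branch, e.g. `if (!excluded && "POST".equalsIgnoreCase(method)) {`, leaving the parameter check in place; whether the request wrapper itself interferes with uploads is not visible here and would need confirming. The new condition also casts `(HttpServletRequest) request` unconditionally while the `else` branch still guards with `instanceof`, so one `instanceof` test ahead of both would keep them consistent. The commit subject speaks of limiting the upload file size, so a comment on the `excludedUris.add(...)` line in init(), such as `// upload endpoint: request is not inspected by this filter`, would record what the exclusion trades away. doFilter begins outside the hunk.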
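Review bot: In SqlserverQueryProvider.dateformat(), the list now contains two entries with `"dateformat": "120"`, one described as `yyyy-mm-dd` and one as `yyyy-mm-dd hh:mi:ss`, so any consumer that keys on the `dateformat` value cannot tell them apart. In SQL Server's CONVERT, style 120 is the `yyyy-mm-dd hh:mi:ss` form and the removed style 23 is the date-only form, so the date-only output presumably relies on handling elsewhere; that code is outside the hunk. If moving away from 23 is deliberate, a comment above the entry, e.g. `// 120 instead of 23: <reason>`, would stop the duplicate from being reverted as a typo later.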
From: taojinlong
Date: Wed, 30 Nov 2022 18:38:40 +0800
Subject: [PATCH 3/3] =?UTF-8?q?fix:=20=E6=97=B6=E9=97=B4=E6=A0=BC=E5=BC=8F?= =?UTF-8?q?=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 frontend/src/views/dataset/data/FieldEdit.vue | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/frontend/src/views/dataset/data/FieldEdit.vue b/frontend/src/views/dataset/data/FieldEdit.vue
index 07d9f4bd90..1454f5eb2d 100644
--- a/frontend/src/views/dataset/data/FieldEdit.vue
+++ b/frontend/src/views/dataset/data/FieldEdit.vue
@@ -859,6 +859,9 @@ export default {
 if (item.dateFormatType !== 'custom') {
 item.dateFormat = item.dateFormatType
 }
+ }else {
+ item.dateFormatType = ''
+ item.dateFormat = ''
 }
 if (item.dateFormatType === 'custom' && !item.dateFormat) {
 return