From 6031af36635db5d874910d814142ed6bf2907f8f Mon Sep 17 00:00:00 2001
From: taojinlong <jinlong@fit2cloud.com>
Date: Wed, 12 Jul 2023 10:11:49 +0800
Subject: [PATCH 1/2] =?UTF-8?q?fix:=20=E6=A0=A1=E9=AA=8C=E6=95=B0=E6=8D=AE?=
 =?UTF-8?q?=E5=BA=93=E5=90=8D=E7=A7=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../main/java/io/dataease/provider/datasource/JdbcProvider.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java b/backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java
index 7cd8d68d03..fe9e1b457a 100644
--- a/backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java
+++ b/backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java
@@ -796,7 +796,7 @@ public class JdbcProvider extends DefaultJdbcProvider {
                 break;
             case sqlServer:
                 SqlServerConfiguration sqlServerConfiguration = new Gson().fromJson(datasource.getConfiguration(), SqlServerConfiguration.class);
-                if(!sqlServerConfiguration.getDataBase().matches("^[0-9a-zA-Z_-]{1,}$")){
+                if(!sqlServerConfiguration.getDataBase().matches("^[0-9a-zA-Z_.-]{1,}$")){
                     throw new Exception("Invalid database name");
                 }
                 break;

From bd189c710edf25b6395919d2898db8551474afd4 Mon Sep 17 00:00:00 2001
From: fit2cloud-chenyw <yawen.chen@fit2cloud.com>
Date: Wed, 12 Jul 2023 10:27:36 +0800
Subject: [PATCH 2/2] =?UTF-8?q?fix(=E5=BA=94=E7=94=A8=E7=AE=A1=E7=90=86):?=
 =?UTF-8?q?=20=E5=BA=94=E7=94=A8=E8=AE=B0=E5=BD=95=E6=9F=A5=E8=AF=A2?=
 =?UTF-8?q?=E5=AD=98=E5=9C=A8sql=E6=B3=A8=E5=85=A5=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../controller/panel/AppLogController.java    |  2 +
 .../io/dataease/ext/ExtDataSourceMapper.java  |  2 +-
 .../service/datasource/DatasourceService.java | 44 +++++++------------
 3 files changed, 18 insertions(+), 30 deletions(-)

diff --git a/backend/src/main/java/io/dataease/controller/panel/AppLogController.java b/backend/src/main/java/io/dataease/controller/panel/AppLogController.java
index 45a547acf3..207cbbb05e 100644
--- a/backend/src/main/java/io/dataease/controller/panel/AppLogController.java
+++ b/backend/src/main/java/io/dataease/controller/panel/AppLogController.java
@@ -3,6 +3,7 @@ package io.dataease.controller.panel;
 import com.github.pagehelper.Page;
 import com.github.pagehelper.PageHelper;
 import com.github.xiaoymin.knife4j.annotations.ApiSupport;
+import io.dataease.auth.annotation.SqlInjectValidator;
 import io.dataease.commons.utils.PageUtils;
 import io.dataease.commons.utils.Pager;
 import io.dataease.controller.handler.annotation.I18n;
@@ -35,6 +36,7 @@ public class AppLogController {
             @ApiImplicitParam(paramType = "path", name = "pageSize", value = "页容量", required = true, dataType = "Integer"),
             @ApiImplicitParam(name = "request", value = "查询条件", required = true)
     })
+    @SqlInjectValidator(value = {"apply_time"})
     public Pager<List<AppLogGridDTO>> logGrid(@PathVariable int goPage, @PathVariable int pageSize,
                                               @RequestBody KeyGridRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
diff --git a/backend/src/main/java/io/dataease/ext/ExtDataSourceMapper.java b/backend/src/main/java/io/dataease/ext/ExtDataSourceMapper.java
index f3ca151aa7..2ea36a98bf 100644
--- a/backend/src/main/java/io/dataease/ext/ExtDataSourceMapper.java
+++ b/backend/src/main/java/io/dataease/ext/ExtDataSourceMapper.java
@@ -10,7 +10,7 @@ import java.util.List;
 
 public interface ExtDataSourceMapper {
 
-    List<DatasourceDTO> query(GridExample example);
+    // List<DatasourceDTO> query(GridExample example);
 
     List<DatasourceDTO> queryUnion(DatasourceUnionRequest request);
 
diff --git a/backend/src/main/java/io/dataease/service/datasource/DatasourceService.java b/backend/src/main/java/io/dataease/service/datasource/DatasourceService.java
index e3f5ff4cd7..5279561c30 100644
--- a/backend/src/main/java/io/dataease/service/datasource/DatasourceService.java
+++ b/backend/src/main/java/io/dataease/service/datasource/DatasourceService.java
@@ -6,30 +6,28 @@ import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import com.google.gson.reflect.TypeToken;
 import io.dataease.auth.annotation.DeCleaner;
-import io.dataease.commons.constants.RedisConstants;
-import io.dataease.commons.utils.BeanUtils;
-import io.dataease.controller.sys.response.BasicInfo;
-import io.dataease.dto.TaskInstance;
-import io.dataease.ext.ExtDataSourceMapper;
-import io.dataease.ext.ExtTaskInstanceMapper;
-import io.dataease.ext.UtilMapper;
-import io.dataease.ext.query.GridExample;
 import io.dataease.commons.constants.DePermissionType;
+import io.dataease.commons.constants.RedisConstants;
 import io.dataease.commons.constants.SysAuthConstants;
 import io.dataease.commons.exception.DEException;
 import io.dataease.commons.model.AuthURD;
 import io.dataease.commons.utils.AuthUtils;
+import io.dataease.commons.utils.BeanUtils;
 import io.dataease.commons.utils.CommonThreadPool;
 import io.dataease.commons.utils.LogUtil;
 import io.dataease.controller.ResultHolder;
 import io.dataease.controller.datasource.request.UpdataDsRequest;
 import io.dataease.controller.request.DatasourceUnionRequest;
 import io.dataease.controller.request.datasource.ApiDefinition;
-import io.dataease.controller.sys.base.BaseGridRequest;
-import io.dataease.controller.sys.base.ConditionEntity;
+import io.dataease.controller.sys.response.BasicInfo;
 import io.dataease.dto.DatasourceDTO;
+import io.dataease.dto.TaskInstance;
 import io.dataease.dto.dataset.DataTableInfoDTO;
-import io.dataease.dto.datasource.*;
+import io.dataease.dto.datasource.DBTableDTO;
+import io.dataease.dto.datasource.MysqlConfiguration;
+import io.dataease.ext.ExtDataSourceMapper;
+import io.dataease.ext.ExtTaskInstanceMapper;
+import io.dataease.ext.UtilMapper;
 import io.dataease.i18n.Translator;
 import io.dataease.plugins.common.base.domain.*;
 import io.dataease.plugins.common.base.mapper.DatasetTableMapper;
@@ -163,7 +161,7 @@ public class DatasourceService {
         List<DatasourceDTO> datasourceDTOS = extDataSourceMapper.queryUnion(request);
         datasourceDTOS.forEach(this::datasourceTrans);
         if (StringUtils.isBlank(request.getSort())) {
-            datasourceDTOS.sort((o1,o2) -> {
+            datasourceDTOS.sort((o1, o2) -> {
                 int tmp = StringUtils.compareIgnoreCase(o1.getTypeDesc(), o2.getTypeDesc());
                 if (tmp == 0) {
                     tmp = StringUtils.compareIgnoreCase(o1.getName(), o2.getName());
@@ -247,19 +245,6 @@ public class DatasourceService {
         return result;
     }
 
-    public List<DatasourceDTO> gridQuery(BaseGridRequest request) {
-        //如果没有查询条件增加一个默认的条件
-        if (CollectionUtils.isEmpty(request.getConditions())) {
-            ConditionEntity conditionEntity = new ConditionEntity();
-            conditionEntity.setField("1");
-            conditionEntity.setOperator("eq");
-            conditionEntity.setValue("1");
-            request.setConditions(Collections.singletonList(conditionEntity));
-        }
-        GridExample gridExample = request.convertExample();
-        gridExample.setExtendCondition(String.valueOf(AuthUtils.getUser().getUserId()));
-        return extDataSourceMapper.query(gridExample);
-    }
 
     @DeCleaner(DePermissionType.DATASOURCE)
     public ResultHolder deleteDatasource(String datasourceId) throws Exception {
@@ -301,11 +286,12 @@ public class DatasourceService {
             DatasetTableExample datasetTableExample = new DatasetTableExample();
             datasetTableExample.createCriteria().andDataSourceIdEqualTo(id);
             List<DatasetTable> datasetTables = datasetTableMapper.selectByExample(datasetTableExample);
-            List<ApiDefinition> apiDefinitionList = new Gson().fromJson(datasource.getConfiguration(), new TypeToken<List<ApiDefinition>>() {}.getType());
+            List<ApiDefinition> apiDefinitionList = new Gson().fromJson(datasource.getConfiguration(), new TypeToken<List<ApiDefinition>>() {
+            }.getType());
             apiDefinitionList.forEach(apiDefinition -> {
-                if(apiDefinition.isReName()){
+                if (apiDefinition.isReName()) {
                     datasetTables.forEach(datasetTable -> {
-                        if(new Gson().fromJson(datasetTable.getInfo(), DataTableInfoDTO.class).getTable().equals(apiDefinition.getOrgName())){
+                        if (new Gson().fromJson(datasetTable.getInfo(), DataTableInfoDTO.class).getTable().equals(apiDefinition.getOrgName())) {
                             DatasetTable record = new DatasetTable();
                             DataTableInfoDTO dataTableInfoDTO = new DataTableInfoDTO();
                             dataTableInfoDTO.setTable(apiDefinition.getName());
@@ -650,7 +636,7 @@ public class DatasourceService {
 
     public void updateDemoDs() {
         Datasource datasource = datasourceMapper.selectByPrimaryKey("76026997-94f9-4a35-96ca-151084638969");
-        if(datasource == null){
+        if (datasource == null) {
             return;
         }
         MysqlConfiguration mysqlConfiguration = new Gson().fromJson(datasource.getConfiguration(), MysqlConfiguration.class);