From cb8626e8a3939f1c5029670a4004670640049e9b Mon Sep 17 00:00:00 2001
From: dataeaseShu <106045316+dataeaseShu@users.noreply.github.com>
Date: Sat, 22 Jul 2023 08:54:00 +0800
Subject: [PATCH 1/4] =?UTF-8?q?fix:=20xss=E5=AF=BC=E8=87=B4=E9=A1=B5?=
=?UTF-8?q?=E8=84=9A=E5=B1=9E=E6=80=A7=E6=98=BE=E7=A4=BA=E4=B8=8D=E6=AD=A3?=
=?UTF-8?q?=E5=B8=B8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
frontend/src/views/login/index.vue | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/frontend/src/views/login/index.vue b/frontend/src/views/login/index.vue
index 75a3db4e5f..c1f441246c 100644
--- a/frontend/src/views/login/index.vue
+++ b/frontend/src/views/login/index.vue
@@ -202,7 +202,7 @@
@@ -216,6 +216,7 @@ import { changeFavicon, showMultiLoginMsg } from '@/utils/index'
import { initTheme } from '@/utils/ThemeUtil'
import PluginCom from '@/views/system/plugin/PluginCom'
import Cookies from 'js-cookie'
+import xss from 'xss'
export default {
name: 'Login',
components: { PluginCom },
@@ -449,7 +450,25 @@ export default {
this.showFoot = this.uiInfo['ui.showFoot'].paramValue === true || this.uiInfo['ui.showFoot'].paramValue === 'true'
if (this.showFoot) {
const content = this.uiInfo['ui.footContent'] && this.uiInfo['ui.footContent'].paramValue
- this.footContent = content
+ const myXss = new xss.FilterXSS({
+ css: {
+ whiteList: {
+ 'background-color': true,
+ 'text-align': true,
+ 'margin-top': true,
+ 'margin-bottom': true,
+ 'line-height': true,
+ 'box-sizing': true,
+ 'padding-top': true,
+ 'padding-bottom': true
+ }
+ },
+ whiteList: {
+ ...xss.whiteList,
+ p: ['style']
+ }
+ })
+ this.footContent = myXss.process(content)
}
}
},
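Review bot: The `whiteList` option spreads the whole default `xss.whiteList`, so the footer on this pre-authentication page still accepts every tag the library allows by default (links and images included), not only the `p` markup being styled. Consider replacing `...xss.whiteList` with an explicit list of the tags the footer editor actually emits, and add a comment above `new xss.FilterXSS` noting that `ui.footContent` is configurable HTML that is presumably rendered as markup on the login page. The filter is rebuilt on every call and could be a module-level constant. Sanitising happens only in this view, so any other place that renders `ui.footContent` (none is visible in this hunk) would still get the stored value unfiltered. The enclosing method starts outside the hunk.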
From 96bffefe7a2089f68748b2f199681f0cac3edb34 Mon Sep 17 00:00:00 2001
From: dataeaseShu <106045316+dataeaseShu@users.noreply.github.com>
Date: Sat, 22 Jul 2023 12:37:13 +0800
Subject: [PATCH 2/4] =?UTF-8?q?fix:=20xss=E5=AF=BC=E8=87=B4=E9=A1=B5?=
=?UTF-8?q?=E8=84=9A=E5=B1=9E=E6=80=A7=E6=98=BE=E7=A4=BA=E4=B8=8D=E6=AD=A3?=
=?UTF-8?q?=E5=B8=B8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
frontend/src/views/login/index.vue | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/frontend/src/views/login/index.vue b/frontend/src/views/login/index.vue
index c1f441246c..883ac0cc98 100644
--- a/frontend/src/views/login/index.vue
+++ b/frontend/src/views/login/index.vue
@@ -455,6 +455,7 @@ export default {
whiteList: {
'background-color': true,
'text-align': true,
+ 'color': true,
'margin-top': true,
'margin-bottom': true,
'line-height': true,
@@ -465,7 +466,8 @@ export default {
},
whiteList: {
...xss.whiteList,
- p: ['style']
+ p: ['style'],
+ span: ['style']
}
})
this.footContent = myXss.process(content)
From 031f588fbd38c71a6012054a87159ba695bb007a Mon Sep 17 00:00:00 2001
From: taojinlong
Date: Sat, 22 Jul 2023 23:47:52 +0800
Subject: [PATCH 3/4] =?UTF-8?q?fix:=20=E5=88=A4=E6=96=ADoracle=20timestemp?=
=?UTF-8?q?=E7=B1=BB=E5=9E=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../main/java/io/dataease/provider/datasource/JdbcProvider.java | 2 +-
.../io/dataease/provider/query/oracle/OracleQueryProvider.java | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java b/backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java
index fe9e1b457a..2b22a69d51 100644
--- a/backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java
+++ b/backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java
@@ -796,7 +796,7 @@ public class JdbcProvider extends DefaultJdbcProvider {
break;
case sqlServer:
SqlServerConfiguration sqlServerConfiguration = new Gson().fromJson(datasource.getConfiguration(), SqlServerConfiguration.class);
- if(!sqlServerConfiguration.getDataBase().matches("^[0-9a-zA-Z_.-]{1,}$")){
+ if(!sqlServerConfiguration.getDataBase().matches("^[0-9a-zA-Z_.-\u4E00-\u9FA5\u8FBD-\u9FBB\uFA0E-\uFA29]{1,}$")){
throw new Exception("Invalid database name");
}
break;
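Review bot: In the new pattern the `-` that used to be the last, literal character of the class now sits between `.` and `\u4E00`, so Java parses `.-\u4E00` as a range from U+002E to U+4E00. That range admits `/`, `:`, `;`, `=`, `?`, `@`, `\` and most other ASCII punctuation the old check rejected, so the database-name validation is weakened rather than only extended to CJK characters. Keep the hyphen literal by moving it to the end of the class: `matches("^[0-9a-zA-Z_.\u4E00-\u9FA5\u8FBD-\u9FBB\uFA0E-\uFA29-]{1,}$")`. The range `\u8FBD-\u9FBB` lies almost entirely inside `\u4E00-\u9FA5` and could be reduced to the part that extends past it. The surrounding switch starts and ends outside the hunk.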
diff --git a/backend/src/main/java/io/dataease/provider/query/oracle/OracleQueryProvider.java b/backend/src/main/java/io/dataease/provider/query/oracle/OracleQueryProvider.java
index 1a9c0e078e..d0ae17c00d 100644
--- a/backend/src/main/java/io/dataease/provider/query/oracle/OracleQueryProvider.java
+++ b/backend/src/main/java/io/dataease/provider/query/oracle/OracleQueryProvider.java
@@ -60,6 +60,7 @@ public class OracleQueryProvider extends QueryProvider {
@Override
public Integer transFieldType(String field) {
+ field = field.split("()")[0];
switch (field) {
case "CHAR":
case "VARCHAR2":
From 3ba12e1a5f3fc90d6f9aa2ff8ae6a44c2b7a01e0 Mon Sep 17 00:00:00 2001
From: taojinlong
Date: Sun, 23 Jul 2023 00:14:51 +0800
Subject: [PATCH 4/4] =?UTF-8?q?fix:=20=E5=88=A4=E6=96=ADoracle=20timestemp?=
=?UTF-8?q?=E7=B1=BB=E5=9E=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../io/dataease/provider/query/oracle/OracleQueryProvider.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/src/main/java/io/dataease/provider/query/oracle/OracleQueryProvider.java b/backend/src/main/java/io/dataease/provider/query/oracle/OracleQueryProvider.java
index d0ae17c00d..7eef266f6e 100644
--- a/backend/src/main/java/io/dataease/provider/query/oracle/OracleQueryProvider.java
+++ b/backend/src/main/java/io/dataease/provider/query/oracle/OracleQueryProvider.java
@@ -60,7 +60,7 @@ public class OracleQueryProvider extends QueryProvider {
@Override
public Integer transFieldType(String field) {
- field = field.split("()")[0];
+ field = field.split("\\(")[0];
switch (field) {
case "CHAR":
case "VARCHAR2":
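Review bot: The cut at the first `(` carries no comment saying which inputs it is for, and it drops everything after the parenthesis, so a type name such as `TIMESTAMP(6) WITH TIME ZONE` would be matched as plain `TIMESTAMP`; whether that is intended depends on the case labels, which continue outside the hunk. I would add `// strip precision/length suffix, e.g. TIMESTAMP(6) -> TIMESTAMP` above the line and assign to a local, `String baseType = field.split("\\(")[0];`, then `switch (baseType)`, instead of overwriting the parameter.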