fix: 上传excel限制文件大小

backend/src/main/java/io/dataease/commons/filter/SqlFilter.java

@@ -12,10 +12,13 @@ import javax.servlet.*;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.*;
+import java.util.ArrayList;
+import java.util.List;
 
 
 public class SqlFilter implements Filter {
 
+    private List<String> excludedUris = new ArrayList<>();
 
     @Override
     public void destroy() {
@@ -34,38 +37,43 @@ public class SqlFilter implements Filter {
             return;
         }
 
-        String method = "GET";
+        if(excludedUris.contains(((HttpServletRequest) request).getRequestURI())){
-        String param;
+            chain.doFilter(request, response);
-        XssAndSqlHttpServletRequestWrapper xssRequest = null;
+        }else {
-        if (request instanceof HttpServletRequest) {
+            String method = "GET";
-            method = ((HttpServletRequest) request).getMethod();
+            String param;
-            xssRequest = new XssAndSqlHttpServletRequestWrapper((HttpServletRequest) request);
+            XssAndSqlHttpServletRequestWrapper xssRequest = null;
-        }
+            if (request instanceof HttpServletRequest) {
-        if ("POST".equalsIgnoreCase(method)) {
+                method = ((HttpServletRequest) request).getMethod();
-            param = this.getBodyString(xssRequest.getReader());
+                xssRequest = new XssAndSqlHttpServletRequestWrapper((HttpServletRequest) request);
-            if (StringUtils.isNotBlank(param)) {
+            }
-                if (xssRequest.checkXSSAndSql(param)) {
+            if ("POST".equalsIgnoreCase(method)) {
-                    response.setCharacterEncoding("UTF-8");
+                param = this.getBodyString(xssRequest.getReader());
-                    response.setContentType("application/json;charset=UTF-8");
+                if (StringUtils.isNotBlank(param)) {
-                    String msg = ThreadLocalContextHolder.getData().toString();
+                    if (xssRequest.checkXSSAndSql(param)) {
-                    DEException.throwException(msg);
+                        response.setCharacterEncoding("UTF-8");
-                    return;
+                        response.setContentType("application/json;charset=UTF-8");
+                        String msg = ThreadLocalContextHolder.getData().toString();
+                        DEException.throwException(msg);
+                        return;
+                    }
                 }
             }
+            if (xssRequest.checkParameter()) {
+                response.setCharacterEncoding("UTF-8");
+                response.setContentType("application/json;charset=UTF-8");
+                String msg = ThreadLocalContextHolder.getData().toString();
+                DEException.throwException(msg);
+                return;
+            }
+            chain.doFilter(xssRequest, response);
         }
-        if (xssRequest.checkParameter()) {
+
-            response.setCharacterEncoding("UTF-8");
-            response.setContentType("application/json;charset=UTF-8");
-            String msg = ThreadLocalContextHolder.getData().toString();
-            DEException.throwException(msg);
-            return;
-        }
-        chain.doFilter(xssRequest, response);
     }
 
     @Override
     public void init(FilterConfig filterConfig) throws ServletException {
-
+        excludedUris.add("/dataset/table/excel/upload");
     }
 
     // 获取request请求body中参数