wenyongda/ZrAdminNetCore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix:动态排序有可能会造成sql注入问题

Browse Source
This commit is contained in:
不做码农 2022-12-07 22:13:51 +08:00
parent bd033be4d1
commit d32c211aee
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ZR.Repository/BaseRepository.cs
View File

@ -367,7 +367,7 @@ namespace ZR.Repository
page.PageSize = parm.PageSize; page.PageSize = parm.PageSize;
page.PageIndex = parm.PageNum; page.PageIndex = parm.PageNum;
page.Result = source.OrderByIF(parm.Sort.IsNotEmpty(), $"{parm.Sort} {(parm.SortType.Contains("desc") ? "desc" : "asc")}") page.Result = source.OrderByIF(parm.Sort.IsNotEmpty(), $"{parm.Sort.ToSqlFilter()} {(parm.SortType.Contains("desc") ? "desc" : "asc")}")
.ToPageList(parm.PageNum, parm.PageSize, ref total); .ToPageList(parm.PageNum, parm.PageSize, ref total);
page.TotalNum = total; page.TotalNum = total;
return page; return page;
@ -388,10 +388,11 @@ namespace ZR.Repository
page.PageSize = parm.PageSize; page.PageSize = parm.PageSize;
page.PageIndex = parm.PageNum; page.PageIndex = parm.PageNum;
var result = source.OrderByIF(parm.Sort.IsNotEmpty(), $"{parm.Sort} {(parm.SortType.Contains("desc") ? "desc" : "asc")}") var result = source
.OrderByIF(parm.Sort.IsNotEmpty(), $"{parm.Sort.ToSqlFilter()} {(parm.SortType.Contains("desc") ? "desc" : "asc")}")
.ToPageList(parm.PageNum, parm.PageSize, ref total); .ToPageList(parm.PageNum, parm.PageSize, ref total);
page.TotalNum = total; page.TotalNum = total;
page.Result = result.Adapt<List<T2>>(); page.Result = result.Adapt<List<T2>>();
return page; return page;
} }