From 70e34c211787f3029517c03e31d1cf1561762cc6 Mon Sep 17 00:00:00 2001 From: "Bruce.Deng" Date: Tue, 8 Jun 2021 19:44:39 +0800 Subject: [PATCH] =?UTF-8?q?REPORT-53367=20=E5=A4=8D=E5=88=B6=E4=BC=A0?= =?UTF-8?q?=E5=8F=82=E5=90=8Esql-=E8=BF=9C=E7=A8=8B=E4=B8=8B=EF=BC=8C?= =?UTF-8?q?=E6=96=B0=E5=A2=9E=E7=9A=84=E8=BD=AC=E4=B9=89=E5=AD=97=E7=AC=A6?= =?UTF-8?q?=E6=8F=90=E7=A4=BA=E5=A4=B1=E6=95=88?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../data/datapane/preview/sql/PreviewPerformedSqlPane.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/designer-base/src/main/java/com/fr/design/data/datapane/preview/sql/PreviewPerformedSqlPane.java b/designer-base/src/main/java/com/fr/design/data/datapane/preview/sql/PreviewPerformedSqlPane.java index bf210380bc..7f75d4d3a1 100644 --- a/designer-base/src/main/java/com/fr/design/data/datapane/preview/sql/PreviewPerformedSqlPane.java +++ b/designer-base/src/main/java/com/fr/design/data/datapane/preview/sql/PreviewPerformedSqlPane.java @@ -6,6 +6,7 @@ import com.fr.base.ParameterMapNameSpace; import com.fr.data.impl.DBTableData; import com.fr.data.impl.EscapeSqlHelper; import com.fr.data.operator.DataOperator; +import com.fr.decision.config.PreventSqlInjConfig; import com.fr.decision.webservice.v10.config.ConfigService; import com.fr.design.dialog.DialogActionAdapter; import com.fr.design.dialog.link.MessageWithLink; @@ -18,6 +19,7 @@ import com.fr.design.parameter.ParameterInputPane; import com.fr.design.utils.gui.GUICoreUtils; import com.fr.general.CloudCenter; import com.fr.general.GeneralContext; +import com.fr.invoke.Reflect; import com.fr.log.FineLoggerFactory; import com.fr.plugin.injectable.PluginModule; import com.fr.script.Calculator; @@ -180,6 +182,10 @@ public class PreviewPerformedSqlPane extends JDialog implements ActionListener { calculator.pushNameSpace(ns); Parameter[] paras = processParameters(tableData, calculator); // 所有被转义参数的集合 + //这里比较恶心。方法1是通过在DataOperatorProvider新增rpc接口,交由服务器去获取转义字符。但是要考虑兼容问题: + //新设计器jar远程老服务器jar,需要提供Compatible实现,但是这个实现能做什么呢?目前没有老的接口可以去获取服务器的转义字符,仍然啥也做不了; + //现在采用方法2,通过反射调用PreventSqlInjConfig的刷新方法(因为这个方法是private,直接改成public仍然有兼容问题) + Reflect.on(PreventSqlInjConfig.class).call("refreshPreventSqlInjConfig"); Set specialCharParam = EscapeSqlHelper.getInstance().getSpecialCharParam(paras); // 将参数转义等 Set tableDataProviders = getTableDataProviders();