【云码】【反馈编号:2024080041】【通用功能】【网络安全】【SQL注入问题修复】【因编译问题不能发布代码暂时回退】

src/com/uas/erp/core/interceptor/DbSourceInterceptor.java

@@ -64,11 +64,11 @@ public class DbSourceInterceptor extends HandlerInterceptorAdapter {
 		String master = req.getParameter("master");
 		String condition =req.getParameter("condition");
 		if(StringUtil.hasText(condition)) {
-			condition = decryptData(condition);
+			if(req.getRequestURI().endsWith(".xls")) {
+				condition = new String(condition.getBytes("ISO-8859-1"), "UTF-8");
+			}
+//			condition = decryptData(condition);
 			req.setAttribute("condition",condition);
-//			if(req.getRequestURI().endsWith(".xls")) {
-//				condition = new String(condition.getBytes("ISO-8859-1"), "UTF-8");
-//			}
 			if(StringUtil.hasText(req.getParameter("signCondition"))){
 				if(!MD5Util.encrypt(new String(org.apache.commons.codec.binary.Base64.encodeBase64(condition.getBytes("UTF-8"))).replace("=","")).equals(req.getParameter("signCondition"))) {
 					BaseUtil.showError("非法操作！");