| | |
|---|
| | | {key: 'sys.', reg: /(^|\s)sys\./ig}, |
|---|
| | | {key: 'kill', reg: /(^|\s)kill\s/ig} |
|---|
| | | ] |
|---|
| | | |
|---|
| | | |
|---|
| | | if (type === 'customscript') { |
|---|
| | | chars = chars.filter(char => !['insert', 'delete', 'update', 'set', 'if', 'exec'].includes(char.key)) |
|---|
| | | } |
|---|
| | | |
|---|
| | | let error = '' |
|---|
| | | |
|---|
| | | sql = sql.replace(/sys\.fn_sqlvarbasetostr\(HashBytes\('MD5'/ig, '') // 跳过MD5加密 |
|---|
| | | |
|---|
| | | chars.forEach(char => { |
|---|
| | | if (!error && char.reg.test(sql)) { |
|---|
| | | error = char.key |
|---|
| | |
|---|
| | | if (process.env.NODE_ENV === 'production') { |
|---|
| | | baseurl = document.location.origin + '/' + window.GLOB.service |
|---|
| | | } else { |
|---|
| | | baseurl = window.GLOB.location + window.GLOB.service |
|---|
| | | baseurl = window.GLOB.location + '/' + window.GLOB.service |
|---|
| | | } |
|---|
| | | |
|---|
| | | let realurl = url.match(/^http/) || url.match(/^\/\//) ? url : baseurl + url |
|---|
