|
@ -76,11 +76,22 @@ func (apiService *ApiService) GetAPIInfoList(api system.SysApi, info request.Pag |
|
|
db = db.Limit(limit).Offset(offset) |
|
|
db = db.Limit(limit).Offset(offset) |
|
|
if order != "" { |
|
|
if order != "" { |
|
|
var OrderStr string |
|
|
var OrderStr string |
|
|
|
|
|
// 设置有效排序key 防止sql注入
|
|
|
|
|
|
// 感谢 Tom4t0 提交漏洞信息
|
|
|
|
|
|
orderMap := make(map[string]bool, 5) |
|
|
|
|
|
orderMap["id"] = true |
|
|
|
|
|
orderMap["path"] = true |
|
|
|
|
|
orderMap["api_group"] = true |
|
|
|
|
|
orderMap["description"] = true |
|
|
|
|
|
orderMap["method"] = true |
|
|
|
|
|
if orderMap[order] { |
|
|
if desc { |
|
|
if desc { |
|
|
OrderStr = order + " desc" |
|
|
OrderStr = order + " desc" |
|
|
} else { |
|
|
} else { |
|
|
OrderStr = order |
|
|
OrderStr = order |
|
|
} |
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
err = db.Order(OrderStr).Find(&apiList).Error |
|
|
err = db.Order(OrderStr).Find(&apiList).Error |
|
|
} else { |
|
|
} else { |
|
|
err = db.Order("api_group").Find(&apiList).Error |
|
|
err = db.Order("api_group").Find(&apiList).Error |
|
|