执行语句 执行 < >

soc-modules/soc-modules-system/src/main/java/com/xunmei/system/service/impl/ExportSqlServiceImpl.java

@@ -73,7 +73,12 @@ public class ExportSqlServiceImpl implements ExportSqlService {
     public Object executeSql(String sql) throws Exception {
         sql = Sm4Util.decryptEcb("51d95b1dc43a9faaad0570f81c755fcf",sql);
         sql = sql.toLowerCase();
-        if(sql.contains("select")){
+        // 脚本加密后 < > 符号被转义了
+        sql=sql.replace("&gt;",">");
+        sql=sql.replace("&lt;","<");
+
+        // 修改语句中也可能存在查询语句
+        if(sql.startsWith(("select"))){
             List<LinkedHashMap<String, Object>> maps = objectMapper.selectPublicItemList(sql);
             return maps;
         }