Merge branch 'wangfei' into 'dev'

Wangfei

See merge request !141

ruoyi-admin/src/main/resources/logback.xml

@@ -89,16 +89,16 @@
     </appender>
 
     <!-- 系统模块日志级别控制  -->
-    <logger name="com.ruoyi" level="debug" />
+    <logger name="com.ruoyi" level="INFO" />
     <!-- Spring日志级别控制  -->
     <logger name="org.springframework" level="warn" />
 
-    <root level="debug">
+    <root level="INFO">
         <appender-ref ref="console" />
     </root>
 
     <!--系统操作日志-->
-    <root level="debug">
+    <root level="INFO">
         <appender-ref ref="file_info" />
         <appender-ref ref="file_error" />
         <appender-ref ref="console"/>
@@ -106,7 +106,7 @@
     </root>
 
     <!--系统用户操作日志-->
-    <logger name="sys-user" level="debug">
+    <logger name="sys-user" level="INFO">
         <appender-ref ref="sys-user"/>
         <appender-ref ref="console" />
     </logger>

ruoyi-framework/src/main/java/com/ruoyi/framework/config/MybatisPlusConfig.java

@@ -26,6 +26,9 @@ public class MybatisPlusConfig
         interceptor.addInnerInterceptor(optimisticLockerInnerInterceptor());
         // 阻断插件
         interceptor.addInnerInterceptor(blockAttackInnerInterceptor());
+        // %转意
+        interceptor.addInnerInterceptor(percentEscapeInterceptor());
+
         return interceptor;
     }
 
@@ -57,4 +60,14 @@ public class MybatisPlusConfig
     {
         return new BlockAttackInnerInterceptor();
     }
+
+    /**
+     * %转意
+     * @return
+     */
+    public PercentEscapeInterceptor percentEscapeInterceptor() {
+        return new PercentEscapeInterceptor();
+    }
+
+
 }
\ No newline at end of file

ruoyi-framework/src/main/java/com/ruoyi/framework/config/PercentEscapeInterceptor.java

+package com.ruoyi.framework.config;
+
+import com.baomidou.mybatisplus.extension.plugins.inner.InnerInterceptor;
+import com.ruoyi.common.utils.StringUtils;
+import org.apache.ibatis.executor.Executor;
+import org.apache.ibatis.mapping.BoundSql;
+import org.apache.ibatis.mapping.MappedStatement;
+import org.apache.ibatis.reflection.MetaObject;
+import org.apache.ibatis.session.ResultHandler;
+import org.apache.ibatis.session.RowBounds;
+
+import java.sql.SQLException;
+import java.util.HashSet;
+import java.util.Set;
+
+public class PercentEscapeInterceptor implements InnerInterceptor {
+
+    @Override
+    public void beforeQuery(Executor executor, MappedStatement ms, Object parameter, RowBounds rowBounds, ResultHandler resultHandler, BoundSql boundSql) throws SQLException {
+        String sql = boundSql.getSql().toLowerCase();
+        //  判断是否包含 参数 及 like 查询
+        if (!sql.contains(" like ") || !sql.contains("?")) {
+            return;
+        }
+
+        // 获取关键字的个数（去重）,获取 到 like 查询 的 key
+        String[] strList = sql.split("\\?");
+        Set<String> keyNames = new HashSet<>();
+        for (int i = 0; i < strList.length; i++) {
+            if (strList[i].toLowerCase().contains(" like ")) {
+                String keyName = boundSql.getParameterMappings().get(i).getProperty();
+                keyNames.add(keyName);
+            }
+        }
+
+        MetaObject metaObject = ms.getConfiguration().newMetaObject(parameter);
+        for (String keyName : keyNames) {
+            Object value = metaObject.getValue(keyName);
+            if (value instanceof String) {
+                if (isconvert((String) value)) {
+                    metaObject.setValue(keyName, convert((String) value));
+                }
+            }
+        }
+    }
+
+    private String convert(String before) {
+        if (StringUtils.isNotBlank(before)) {
+            before = before.replaceAll("\\\\", "");
+            before = before.replaceAll("_", "\\\\_");
+            before = before.replaceAll("%", "\\\\%");
+        }
+        return before;
+    }
+
+    private boolean isconvert(String str) {
+        return str.contains("\\") || str.contains("_") || str.contains("%");
+    }
+
+}
\ No newline at end of file