From 20889e8724da786cab2c5ba726fd571273df0c31 Mon Sep 17 00:00:00 2001 From: zhangdaiscott Date: Mon, 14 Aug 2023 15:54:03 +0800 Subject: [PATCH] =?UTF-8?q?=E3=80=90issues/4393=E3=80=91=E8=A7=A3=E5=86=B3?= =?UTF-8?q?=E4=BD=BF=E7=94=A8=E5=8F=82=E6=95=B0tableName=3Dsys=5Fuser=20t&?= =?UTF-8?q?=E5=A4=8D=E6=B5=8B=EF=BC=8C=E6=BC=8F=E6=B4=9E=E4=BB=8D=E7=84=B6?= =?UTF-8?q?=E5=AD=98=E5=9C=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
---
 .../security/AbstractQueryBlackListHandler.java | 8 ++++----
 .../system/security/DictQueryBlackListHandler.java | 13 +++++++++++++
 2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/security/AbstractQueryBlackListHandler.java b/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/security/AbstractQueryBlackListHandler.java
index 10ee2935..dd0141c0 100644
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/security/AbstractQueryBlackListHandler.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/security/AbstractQueryBlackListHandler.java
@@ -67,14 +67,14 @@ public abstract class AbstractQueryBlackListHandler {
         }
         for (QueryTable table : list) {
             String name = table.getName();
-            String fieldString = ruleMap.get(name);
+            String fieldRule = ruleMap.get(name);
             // 有没有配置这张表
-            if (fieldString != null) {
-                if ("*".equals(fieldString) || table.isAll()) {
+            if (fieldRule != null) {
+                if ("*".equals(fieldRule) || table.isAll()) {
                     flag = false;
                     log.warn("sql黑名单校验,表【"+name+"】禁止查询");
                     break;
-                } else if (table.existSameField(fieldString)) {
+                } else if (table.existSameField(fieldRule)) {
                     flag = false;
                     break;
                 }
diff --git a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/security/DictQueryBlackListHandler.java b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/security/DictQueryBlackListHandler.java
index 1012f8e7..94e099e0 100644
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/security/DictQueryBlackListHandler.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/security/DictQueryBlackListHandler.java
@@ -5,6 +5,8 @@ import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.common.util.security.AbstractQueryBlackListHandler;
 import org.springframework.stereotype.Component;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
 import java.util.ArrayList;
 import java.util.List;
@@ -23,6 +25,17 @@ public class DictQueryBlackListHandler extends AbstractQueryBlackListHandler {
     @Override
     protected List getQueryTableInfo(String dictCodeString) {
+        //针对转义字符进行解码
+        try {
+            if (dictCodeString.contains("%")) {
+                dictCodeString = URLDecoder.decode(dictCodeString, "UTF-8");
+            }
+        } catch (UnsupportedEncodingException e) {
+            //e.printStackTrace();
+        }
+        dictCodeString = dictCodeString.trim();
+
+        // 无论什么场景 第二、三个元素一定是表的字段,直接add
         if (dictCodeString != null && dictCodeString.indexOf(SymbolConstant.COMMA) > 0) {
             String[] arr = dictCodeString.split(SymbolConstant.COMMA);
             if (arr.length != 3 && arr.length != 4) {
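Review bot: The null guard on the context line `if (dictCodeString != null && …)` is now dead code, because the new `dictCodeString.contains("%")` and `dictCodeString.trim()` dereference the parameter first and a null input throws NullPointerException before the check is reached; hoist the test above the decode, e.g. wrap the new block in `if (dictCodeString != null) { … }`. `URLDecoder.decode` also throws `IllegalArgumentException` on malformed escapes such as a trailing `%` or `%zz`, which `catch (UnsupportedEncodingException e)` does not cover; decide explicitly whether that rejects the query (fail closed) instead of letting it propagate, e.g. `} catch (UnsupportedEncodingException | IllegalArgumentException e) {`. Decoding only when a `%` is present makes the normalization inconsistent: `+` is turned into a space only if a `%` also appears, and a double-encoded value (`%2520`) still carries `%20` after one pass, so if the SQL-building path decodes the parameter again the blacklist is matching a different string than the one that reaches the database — apply the same canonicalization on both sides (or decode to a fixed point) rather than a single conditional pass. The empty catch swallows silently; with a literal `"UTF-8"` it cannot fire at all, and the `URLDecoder.decode(String, Charset)` overload (Java 10+) removes the checked exception entirely. The body of `getQueryTableInfo` continues past the end of the hunk.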