【优化】移除2个orderBy使用的sql组合方法参数，移除4个仓储基类的所有sql组合方法，全部使用参数化提交，防止出现可能存在的sql注入。

2025-12-06 16:03:25 +08:00 · 2024-01-17 20:02:06 +08:00
parent f16797adb5
commit a6e345a48b
15 changed files with 77 additions and 883 deletions
--- a/CoreCms.Net.Model/CoreCms.Net.Model.xml
+++ b/CoreCms.Net.Model/CoreCms.Net.Model.xml
@@ -9706,11 +9706,6 @@
                每页数据量
            </summary>
        </member>
-        <member name="P:CoreCms.Net.Model.FromBody.FMPageByWhereOrder.order">
-            <summary>
-                排序
-            </summary>
-        </member>
        <member name="P:CoreCms.Net.Model.FromBody.FMPageByWhereOrder.where">
            <summary>
                判断条件
@@ -9721,6 +9716,16 @@
                根据int类型id加where查询条件和order排序获取列表(一般用于直接id分页)
            </summary>
        </member>
+        <member name="P:CoreCms.Net.Model.FromBody.FMPageByIntId.otherData">
+            <summary>
+            其他数据
+            </summary>
+        </member>
+        <member name="P:CoreCms.Net.Model.FromBody.FMPageByIntId.id">
+            <summary>
+            序列
+            </summary>
+        </member>
        <member name="P:CoreCms.Net.Model.FromBody.FMPageByIntId.page">
            <summary>
                当前页码
@@ -9731,11 +9736,6 @@
                每页数据量
            </summary>
        </member>
-        <member name="P:CoreCms.Net.Model.FromBody.FMPageByIntId.order">
-            <summary>
-                排序
-            </summary>
-        </member>
        <member name="P:CoreCms.Net.Model.FromBody.FMPageByIntId.where">
            <summary>
                判断条件
@@ -9746,6 +9746,11 @@
                根据String类型id加where查询条件和order排序获取列表(一般用于直接id分页)
            </summary>
        </member>
+        <member name="P:CoreCms.Net.Model.FromBody.FMPageByStringId.id">
+            <summary>
+            序列
+            </summary>
+        </member>
        <member name="P:CoreCms.Net.Model.FromBody.FMPageByStringId.page">
            <summary>
                当前页码
@@ -9756,21 +9761,16 @@
                每页数据量
            </summary>
        </member>
-        <member name="P:CoreCms.Net.Model.FromBody.FMPageByStringId.order">
-            <summary>
-                排序
-            </summary>
-        </member>
-        <member name="P:CoreCms.Net.Model.FromBody.FMPageByStringId.where">
-            <summary>
-                判断条件
-            </summary>
-        </member>
        <member name="T:CoreCms.Net.Model.FromBody.FMPageByStringIdWhitStatus">
            <summary>
                根据String类型id加where查询条件和order排序获取列表(一般用于直接id分页)
            </summary>
        </member>
+        <member name="P:CoreCms.Net.Model.FromBody.FMPageByStringIdWhitStatus.id">
+            <summary>
+            序列
+            </summary>
+        </member>
        <member name="P:CoreCms.Net.Model.FromBody.FMPageByStringIdWhitStatus.page">
            <summary>
                当前页码
--- a/CoreCms.Net.Model/FromBody/FMPage.cs
+++ b/CoreCms.Net.Model/FromBody/FMPage.cs
@@ -26,11 +26,6 @@ namespace CoreCms.Net.Model.FromBody
        /// </summary>
        public int limit { get; set; } = 10;

-        /// <summary>
-        ///     排序
-        /// </summary>
-        public string order { get; set; }
-
        /// <summary>
        ///     判断条件
        /// </summary>
@@ -43,9 +38,14 @@ namespace CoreCms.Net.Model.FromBody
    /// </summary>
    public class FMPageByIntId
    {
+        /// <summary>
+        /// 其他数据
+        /// </summary>
        public object otherData { get; set; }

-
+        /// <summary>
+        /// 序列
+        /// </summary>
        public int id { get; set; }


@@ -59,11 +59,6 @@ namespace CoreCms.Net.Model.FromBody
        /// </summary>
        public int limit { get; set; } = 10;

-        /// <summary>
-        ///     排序
-        /// </summary>
-        public string order { get; set; }
-
        /// <summary>
        ///     判断条件
        /// </summary>
@@ -75,9 +70,11 @@ namespace CoreCms.Net.Model.FromBody
    /// </summary>
    public class FMPageByStringId
    {
+        /// <summary>
+        /// 序列
+        /// </summary>
        public string id { get; set; }

-
        /// <summary>
        ///     当前页码
        /// </summary>
@@ -87,16 +84,6 @@ namespace CoreCms.Net.Model.FromBody
        ///     每页数据量
        /// </summary>
        public int limit { get; set; } = 10;
-
-        /// <summary>
-        ///     排序
-        /// </summary>
-        public string order { get; set; }
-
-        /// <summary>
-        ///     判断条件
-        /// </summary>
-        public string where { get; set; }
    }


@@ -105,6 +92,9 @@ namespace CoreCms.Net.Model.FromBody
    /// </summary>
    public class FMPageByStringIdWhitStatus
    {
+        /// <summary>
+        /// 序列
+        /// </summary>
        public string id { get; set; }

        /// <summary>