【优化】移除2个orderBy使用的sql组合方法参数，移除4个仓储基类的所有sql组合方法，全部使用参数化提交，防止出现可能存在的sql注入。

2025-12-06 19:13:26 +08:00 · 2024-01-17 20:02:06 +08:00
parent f16797adb5
commit a6e345a48b
15 changed files with 77 additions and 883 deletions
--- a/CoreCms.Net.Services/Good/CoreCmsGoodsServices.cs
+++ b/CoreCms.Net.Services/Good/CoreCmsGoodsServices.cs
@@ -1010,10 +1010,9 @@ namespace CoreCms.Net.Services
        /// <param name="pageSize">分布大小</param>
        /// <param name="blUseNoLock">是否使用WITH(NOLOCK)</param>
        /// <returns></returns>
-        public async Task<IPageList<GoodListDTO>> QueryPageByDTOAsync(Expression<Func<GoodListDTO, bool>> predicate,
-            string orderBy = "", int pageIndex = 1, int pageSize = 20, bool blUseNoLock = false)
+        public async Task<IPageList<GoodListDTO>> QueryPageByDTOAsync(Expression<Func<GoodListDTO, bool>> predicate, int pageIndex = 1, int pageSize = 20, bool blUseNoLock = false)
        {
-            return await _dal.QueryPageByDTOAsync(predicate, orderBy, pageIndex, pageSize, blUseNoLock);
+            return await _dal.QueryPageByDTOAsync(predicate, pageIndex, pageSize, blUseNoLock);
        }
        #endregion

@@ -1026,10 +1025,10 @@ namespace CoreCms.Net.Services
        /// <param name="pageSize">分布大小</param>
        /// <param name="blUseNoLock">是否使用WITH(NOLOCK)</param>
        /// <returns></returns>
-        public async Task<IPageList<CoreCmsGoods>> QueryAgentGoodsPageAsync(Expression<Func<CoreCmsGoods, bool>> predicate, string orderBy = "",
+        public async Task<IPageList<CoreCmsGoods>> QueryAgentGoodsPageAsync(Expression<Func<CoreCmsGoods, bool>> predicate,
            int pageIndex = 1, int pageSize = 20, bool blUseNoLock = false)
        {
-            return await _dal.QueryAgentGoodsPageAsync(predicate, orderBy, pageIndex, pageSize, blUseNoLock);
+            return await _dal.QueryAgentGoodsPageAsync(predicate, pageIndex, pageSize, blUseNoLock);
        }