@@ -34,7 +34,8 @@ public class Query extends LinkedHashMap<String, Object> {
//防止SQL注入(因为sidx、order是通过拼接SQL实现排序的,会有SQL注入风险)
if(params.get("sidx")!=null){
String sidx = params.get("sidx").toString();
- this.put("sidx", SQLFilter.sqlInject(sidx));
+ String humpToLine = SQLFilter.humpToLine(sidx);
+ this.put("sidx", SQLFilter.sqlInject(humpToLine));
}
if(params.get("order")!=null){
String order = params.get("order").toString();
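Review bot: The value stored on line 7 still goes through a keyword blacklist only, while the comment on line 2 says sidx is concatenated into the SQL for ordering, so any sort expression that avoids the listed words (a subquery in a CASE, a comment sequence, a time-based function) is accepted unchanged; the list in the other hunk even contains "alert" where "alter" appears intended, which shows how fragile the blacklist is. After humpToLine a legitimate sort column should be a plain snake_case identifier, so a whitelist check is the stronger guard, e.g. `if (!humpToLine.matches("[a-z_][a-z0-9_]*")) { throw new IllegalArgumentException("sidx is not a valid column name"); }` placed before the put on line 7 (or the exception type sqlInject itself uses for rejected input). The order branch that begins on line 9 continues past the end of the hunk; since order is concatenated the same way, it presumably deserves an equally strict check that it equals "asc" or "desc" rather than the blacklist alone — worth confirming in the lines not shown.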
@@ -28,7 +28,7 @@ public class SQLFilter {
str = StringUtils.replace(str, "\\", "");
//转换成小写
- str = humpToLine(str);
+ str = str.toLowerCase();
//非法字符
String[] keywords = {"master", "truncate", "insert", "select", "delete", "update", "declare", "alert", "drop"};