Skip to content

A
antSword
Commit 736d13a2 authored by Medicean's avatar Medicean
Browse files
Options

(BugFix: Core) 修复 asp(x) sqlserver 获取列名,执行自定义SQL语句的异常

parent 0cc3f0d3
Hide whitespace changes
Inline Side-by-side
Showing with 68 additions and 12 deletions
CHANGELOG.md
View file @ 736d13a2
...@@ -8,6 +8,10 @@ ...@@ -8,6 +8,10 @@
* 分块传输自动根据黑名单字符(eg: eval, assert, execute, response 等)进行随机切割(thx @phith0n) * 分块传输自动根据黑名单字符(eg: eval, assert, execute, response 等)进行随机切割(thx @phith0n)
### BugFix
* 修复 asp(x) sqlserver 获取列名,执行自定义SQL语句的异常
## 2019/03/04 `v(2.0.5)` ## 2019/03/04 `v(2.0.5)`
### 后端模块 ### 后端模块
......
README.md
View file @ 736d13a2
# AntSword [![release](https://img.shields.io/badge/release-v2.0.5-blue.svg?style=flat-square)][url-release] # AntSword [![release](https://img.shields.io/badge/release-v2.0.5.1-blue.svg?style=flat-square)][url-release]
> AntSword in your hands, no worries in your mind! > AntSword in your hands, no worries in your mind!
......
README_CN.md
View file @ 736d13a2
# 中国蚁剑 [![release](https://img.shields.io/badge/release-v2.0.5-blue.svg?style=flat-square)][url-release] # 中国蚁剑 [![release](https://img.shields.io/badge/release-v2.0.5.1-blue.svg?style=flat-square)][url-release]
> 一剑在手,纵横无忧! > 一剑在手,纵横无忧!
......
package-lock.json
View file @ 736d13a2
{ {
"name": "antsword", "name": "antsword",
"version": "2.0.5", "version": "2.0.5.1",
"lockfileVersion": 1, "lockfileVersion": 1,
"requires": true, "requires": true,
"dependencies": { "dependencies": {
......
package.json
View file @ 736d13a2
{ {
"name": "antsword", "name": "antsword",
"version": "2.0.5", "version": "2.0.5.1",
"description": "中国蚁剑是一款跨平台的开源网站管理工具", "description": "中国蚁剑是一款跨平台的开源网站管理工具",
"main": "app.js", "main": "app.js",
"dependencies": { "dependencies": {
......
source/core/aspx/template/database/sqlserver.js
View file @ 736d13a2
/** /**
* ASPX::mysql数据库驱动代码模板 * ASPX::sqlserver数据库驱动代码模板
*/ */
module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({ module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
// 显示所有数据库 // 显示所有数据库
show_databases: { show_databases: {
_: _:
`var Conn=new ActiveXObject("Adodb.connection");Conn.Open(System.Text.Encoding.GetEncoding("!{ANT::ENDOCE}").GetString(System.Convert.FromBase64String(Request.Item["${arg1}"])));var Rs=new ActiveXObject("ADODB.Recordset");Rs.Open("SELECT [name] FROM master.dbo.sysdatabases ORDER BY 1",Conn,1,1);while(!Rs.EOF && !Rs.BOF){Response.Write(Rs.Fields(0).Value+"\\t");Rs.MoveNext();}Rs.Close();Conn.Close();`, `var Conn=new ActiveXObject("Adodb.connection");
Conn.Open(System.Text.Encoding.GetEncoding("!{ANT::ENDOCE}").GetString(System.Convert.FromBase64String(Request.Item["${arg1}"])));
var Rs=new ActiveXObject("ADODB.Recordset");
Rs.Open("SELECT [name] FROM master.dbo.sysdatabases ORDER BY 1",Conn,1,1);
while(!Rs.EOF && !Rs.BOF){
Response.Write(Rs.Fields(0).Value+"\\t");
Rs.MoveNext();
}
Rs.Close();
Conn.Close();`.replace(/\n\s+/g, ''),
[arg1]: '#{base64::conn}' [arg1]: '#{base64::conn}'
}, },
// 显示数据库所有表 // 显示数据库所有表
show_tables: { show_tables: {
_: _:
`var Conn=new ActiveXObject("Adodb.connection");Conn.Open(System.Text.Encoding.GetEncoding("!{ANT::ENDOCE}").GetString(System.Convert.FromBase64String(Request.Item["${arg1}"])));var Rs=new ActiveXObject("ADODB.Recordset");Rs.Open("USE ["+Request.Item["${arg2}"]+"];SELECT [name] FROM sysobjects WHERE (xtype=\'U\') ORDER BY 1",Conn,1,1);while(!Rs.EOF && !Rs.BOF){Response.Write(Rs.Fields(0).Value+"\\t");Rs.MoveNext();}Rs.Close();Conn.Close();`, `var Conn=new ActiveXObject("Adodb.connection");
Conn.Open(System.Text.Encoding.GetEncoding("!{ANT::ENDOCE}").GetString(System.Convert.FromBase64String(Request.Item["${arg1}"])));
var Rs=new ActiveXObject("ADODB.Recordset");
Rs.Open("USE ["+Request.Item["${arg2}"]+"];
SELECT [name] FROM sysobjects WHERE (xtype=\'U\') ORDER BY 1",Conn,1,1);
while(!Rs.EOF && !Rs.BOF){
Response.Write(Rs.Fields(0).Value+"\\t");
Rs.MoveNext();
}
Rs.Close();
Conn.Close();`.replace(/\n\s+/g, ''),
[arg1]: '#{base64::conn}', [arg1]: '#{base64::conn}',
[arg2]: '#{dbname}' [arg2]: '#{dbname}'
}, },
// 显示表字段 // 显示表字段
show_columns: { show_columns: {
_: _:
`var Conn=new ActiveXObject("Adodb.connection");Conn.Open(System.Text.Encoding.GetEncoding("!{ANT::ENDOCE}").GetString(System.Convert.FromBase64String(Request.Item["${arg1}"])));var Rs=new ActiveXObject("ADODB.Recordset");Rs.Open(System.Text.Encoding.GetEncoding("!{ANT::ENDOCE}").GetString(System.Convert.FromBase64String(Request.Item["${arg2}"])),Conn,1,1);while(!Rs.EOF && !Rs.BOF){Response.Write(Rs.Fields(0).Value+" ("+Rs.Fields(1).Value+")\\t");Rs.MoveNext();}Rs.Close();Conn.Close();`, `var Conn=new ActiveXObject("Adodb.connection");
Conn.Open(System.Text.Encoding.GetEncoding("!{ANT::ENDOCE}").GetString(System.Convert.FromBase64String(Request.Item["${arg1}"])));
var Rs=new ActiveXObject("ADODB.Recordset");
Rs.Open(System.Text.Encoding.GetEncoding("!{ANT::ENDOCE}").GetString(System.Convert.FromBase64String(Request.Item["${arg2}"])),Conn,1,1);
var CO:String="\\t";
var i:Int32=Rs.Fields.Count,c:Int32;
for(c=0;c<i;c++){
Response.Write(Rs.Fields(c).Name+CO)
}
Rs.Close();
Conn.Close();`.replace(/\n\s+/g, ''),
// Driver={Sql Server};Server=(local);Database=master;Uid=sa;Pwd= // Driver={Sql Server};Server=(local);Database=master;Uid=sa;Pwd=
[arg1]: '#{base64::conn}', [arg1]: '#{base64::conn}',
// USE [database1];SELECT A.[name],B.[name] FROM syscolumns A,systypes B where A.id=object_id(\'table1\') and A.xtype=B.xtype ORDER BY A.colid // USE [database1];SELECT A.[name],B.[name] FROM syscolumns A,systypes B where A.id=object_id(\'table1\') and A.xtype=B.xtype ORDER BY A.colid
[arg2]: '#{base64::sql}', [arg2]: '#{base64::table}', // 这里其实传入的是获取表头的 sql 语句
}, },
// 执行SQL语句 // 执行SQL语句
query: { query: {
_: _:
`var Conn=new ActiveXObject("Adodb.connection");var strSQL:String=System.Text.Encoding.GetEncoding("!{ANT::ENDOCE}").GetString(System.Convert.FromBase64String(Request.Item["${arg2}"]));Conn.ConnectionString=System.Text.Encoding.GetEncoding("!{ANT::ENDOCE}").GetString(System.Convert.FromBase64String(Request.Item["${arg1}"]));Conn.ConnectionTimeout=10;Conn.Open();var CO:String="\\t|\\t",RN:String="\\r\\n",Dat:String;Conn.DefaultDatabase="${arg3}";var Rs=Conn.Execute(strSQL);var i:Int32=Rs.Fields.Count,c:Int32;for(c=0;c<i;c++){Response.Write(Rs.Fields(c).Name+CO);}Response.Write(RN);while(!Rs.EOF && !Rs.BOF){for(c=0;c<i;c++){Dat=Rs.Fields(c).Value;Response.Write(Dat);Response.Write(CO);}Response.Write(RN);Rs.MoveNext();}Conn.Close();`, `var Conn=new ActiveXObject("Adodb.connection");
var strSQL:String=System.Text.Encoding.GetEncoding("!{ANT::ENDOCE}").GetString(System.Convert.FromBase64String(Request.Item["${arg2}"]));
Conn.ConnectionString=System.Text.Encoding.GetEncoding("!{ANT::ENDOCE}").GetString(System.Convert.FromBase64String(Request.Item["${arg1}"]));
Conn.ConnectionTimeout=10;
Conn.Open();
var CO:String="\\t|\\t",RN:String="\\r\\n",Dat:String;
Conn.DefaultDatabase=Request.Item["${arg3}"];
var Rs=Conn.Execute(strSQL);
var i:Int32=Rs.Fields.Count,c:Int32;
for(c=0;c<i;c++){
Response.Write(Rs.Fields(c).Name+CO);
}
Response.Write(RN);
while(!Rs.EOF && !Rs.BOF){
for(c=0;c<i;c++){
Dat=Rs.Fields(c).Value;
Response.Write(Dat);
Response.Write(CO);
}
Response.Write(RN);
Rs.MoveNext();
}
Conn.Close();`.replace(/\n\s+/g, ''),
// Driver={Sql Server};Server=(local);Database=master;Uid=sa;Pwd= // Driver={Sql Server};Server=(local);Database=master;Uid=sa;Pwd=
[arg1]: '#{base64::conn}', [arg1]: '#{base64::conn}',
// SELECT TOP 20 * FROM table1 ORDER BY 1 DESC // SELECT TOP 20 * FROM table1 ORDER BY 1 DESC
......
source/modules/database/asp/index.js
View file @ 736d13a2
...@@ -438,7 +438,7 @@ class ASP { ...@@ -438,7 +438,7 @@ class ASP {
this.core[`database_${conf['type']}`].show_columns( this.core[`database_${conf['type']}`].show_columns(
{ {
conn: conf['conn'], conn: conf['conn'],
table: conf['type'] === 'oracle' ? `SELECT * FROM (SELECT A.*,ROWNUM N FROM ${table} A) WHERE N=1` : `SELECT TOP 1 * FROM ${table}` table: conf['type'] === 'oracle' ? `SELECT * FROM (SELECT A.*,ROWNUM N FROM ${table} A) WHERE N=1` : `USE [${this.dbconf['database']}];SELECT TOP 0 * FROM ${table}`
}) })
).then((res) => { ).then((res) => {
let ret = res['text']; let ret = res['text'];
...@@ -479,7 +479,8 @@ class ASP { ...@@ -479,7 +479,8 @@ class ASP {
this.core.request( this.core.request(
this.core[`database_${this.dbconf['type']}`].query({ this.core[`database_${this.dbconf['type']}`].query({
conn: this.dbconf['conn'], conn: this.dbconf['conn'],
sql: sql sql: sql,
dbname: this.dbconf['database'],
}) })
).then((res) => { ).then((res) => {
let ret = res['text']; let ret = res['text'];
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment