为排序字段添加白名单验证

jshERP-boot/src/main/resources/mapper_xml/DepotHeadMapperEx.xml

@@ -500,7 +500,12 @@
             order by materialId desc
         </if>
         <if test="column != 'createTime'">
-            order by ${column} ${order}
+            <if test="column == 'barCode' or column == 'numSum' or column == 'priceSum'">
+                order by ${column}
+                <if test="order == 'asc' or order == 'desc'">
+                    ${order}
+                </if>
+            </if>
         </if>
         <if test="offset != null and rows != null">
             limit #{offset},#{rows}
@@ -706,7 +711,12 @@
             order by oper_time desc,number desc
         </if>
         <if test="column != 'createTime'">
-            order by ${column} ${order}
+            <if test="column == 'barCode' or column == 'operNumber' or column == 'unitPrice' or column == 'allPrice'">
+                order by ${column}
+                <if test="order == 'asc' or order == 'desc'">
+                    ${order}
+                </if>
+            </if>
         </if>
         <if test="offset != null and rows != null">
             limit #{offset},#{rows}

jshERP-boot/src/main/resources/mapper_xml/MaterialMapperEx.xml

@@ -698,7 +698,12 @@
             order by m.id desc
         </if>
         <if test="column != 'createTime'">
-            order by ${column} ${order}
+            <if test="column == 'mBarCode' or column == 'purchaseDecimal' or column == 'currentStock' or column == 'currentStockPrice' or column == 'currentWeight'">
+                order by ${column}
+                <if test="order == 'asc' or order == 'desc'">
+                    ${order}
+                </if>
+            </if>
         </if>
         <if test="offset != null and rows != null">
             limit #{offset},#{rows}