diff --git a/Learun.Framework.Ultimate V7/Learun.Application.WebApi/Modules/BaseApi.cs b/Learun.Framework.Ultimate V7/Learun.Application.WebApi/Modules/BaseApi.cs
index 79f18c5e3..8b543320f 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.WebApi/Modules/BaseApi.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.WebApi/Modules/BaseApi.cs
@@ -175,6 +175,17 @@ namespace Learun.Application.WebApi
///
private Response BeforeRequest(NancyContext ctx)
{
+ ctx.Request.Url.Query = Learun.Util.WebHelper.Formatstr(ctx.Request.Url.Query);
+ foreach (var p in ctx.Parameters)
+ {
+ if (p.ParameterType == typeof(string))
+ {
+ if (ctx.Parameters[p.ParameterName] != null)
+ {
+ ctx.Parameters[p.ParameterName] = Learun.Util.WebHelper.Formatstr(ctx.Parameters[p.ParameterName].ToString());
+ }
+ }
+ }
string path = ctx.ResolvedRoute.Description.Path;
//验证登录状态
ReqParameter req = this.Bind();
diff --git a/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/Web/WebHelper.cs b/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/Web/WebHelper.cs
index a05421892..68ae49dd7 100644
--- a/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/Web/WebHelper.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/Web/WebHelper.cs
@@ -345,6 +345,7 @@ namespace Learun.Util
System.Text.RegularExpressions.Regex regex10 = new System.Text.RegularExpressions.Regex(@"select", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
System.Text.RegularExpressions.Regex regex11 = new System.Text.RegularExpressions.Regex(@"update", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
System.Text.RegularExpressions.Regex regex12 = new System.Text.RegularExpressions.Regex(@"delete", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
+ System.Text.RegularExpressions.Regex regex13 = new System.Text.RegularExpressions.Regex(@"exec", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
html = regex1.Replace(html, ""); //过滤标记
html = regex2.Replace(html, ""); //过滤href=javascript: () 属性
html = regex3.Replace(html, " _disibledevent="); //过滤其它控件的on...事件
@@ -352,6 +353,7 @@ namespace Learun.Util
html = regex10.Replace(html, "s_elect");
html = regex11.Replace(html, "u_pudate");
html = regex12.Replace(html, "d_elete");
+ html = regex13.Replace(html, "e_xec");
html = html.Replace("'", "’");
html = html.Replace(" ", " ");
return html;