From 35cb10fffe57f58da21b5f3c2c461568755751b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= <iwind.liu@gmail.com>
Date: Sun, 20 Mar 2022 11:54:17 +0800
Subject: [PATCH] =?UTF-8?q?=E8=87=AA=E5=8A=A8=E5=8D=87=E7=BA=A7=E4=B8=80?=
 =?UTF-8?q?=E4=B8=AASQL=E6=B3=A8=E5=85=A5=E8=A7=84=E5=88=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/setup/sql_upgrade.go | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/internal/setup/sql_upgrade.go b/internal/setup/sql_upgrade.go
index 71eb7d1f..33ecdd59 100644
--- a/internal/setup/sql_upgrade.go
+++ b/internal/setup/sql_upgrade.go
@@ -606,7 +606,7 @@ func upgradeV0_4_5(db *dbs.DB) error {
 		if len(valueJSON) > 0 {
 			var config = &serverconfigs.AccessLogQueueConfig{}
 			err = json.Unmarshal(valueJSON, config)
-			if err == nil {
+			if err == nil && config.RowsPerTable == 0 {
 				config.EnableAutoPartial = true
 				config.RowsPerTable = 500_000
 				configJSON, err := json.Marshal(config)
@@ -620,5 +620,21 @@ func upgradeV0_4_5(db *dbs.DB) error {
 		}
 	}
 
+	// 升级一个SQL注入规则
+	{
+		var dao = models.NewHTTPFirewallRuleDAO()
+		ones, _, err := dao.Instance.FindOnes(`SELECT id FROM edgeHTTPFirewallRules WHERE value=?`, "(updatexml|extractvalue|ascii|ord|char|chr|count|concat|rand|floor|substr|length|len|user|database|benchmark|analyse)\\s*\\(")
+		if err != nil {
+			return err
+		}
+		for _, one := range ones {
+			var ruleId = one.GetInt64("id")
+			_, err = dao.Instance.Exec(`UPDATE edgeHTTPFirewallRules SET value=? WHERE id=? LIMIT 1`, `\b(updatexml|extractvalue|ascii|ord|char|chr|count|concat|rand|floor|substr|length|len|user|database|benchmark|analyse)\s*\(.*\)`, ruleId)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
 	return nil
 }