
fix: github issues/5745 & remove page Deprecated method

hubin 1 năm trước cách đây
mục cha
commit
593a5daa19

+ 17 - 7
mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/metadata/OrderItem.java

@@ -15,9 +15,10 @@
  */
 package com.baomidou.mybatisplus.core.metadata;
 
-import lombok.AllArgsConstructor;
-import lombok.Data;
-import lombok.NoArgsConstructor;
+import com.baomidou.mybatisplus.core.toolkit.StringUtils;
+import com.baomidou.mybatisplus.core.toolkit.sql.SqlInjectionUtils;
+import lombok.Getter;
+import lombok.Setter;
 
 import java.io.Serializable;
 import java.util.Arrays;
@@ -30,9 +31,8 @@ import java.util.stream.Collectors;
  * @author HCL
  * Create at 2019/5/27
  */
-@Data
-@NoArgsConstructor
-@AllArgsConstructor
+@Getter
+@Setter
 public class OrderItem implements Serializable {
     private static final long serialVersionUID = 1L;
 
@@ -62,6 +62,16 @@ public class OrderItem implements Serializable {
     }
 
     private static OrderItem build(String column, boolean asc) {
-        return new OrderItem(column, asc);
+        return new OrderItem().setColumn(column).setAsc(asc);
+    }
+
+    public OrderItem setColumn(String column) {
+        this.column = StringUtils.replaceAllBlank(column);
+        return this;
+    }
+
+    public OrderItem setAsc(boolean asc) {
+        this.asc = asc;
+        return this;
     }
 }
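Review bot: `setColumn` passes `column` straight to `StringUtils.replaceAllBlank`, which calls `REPLACE_BLANK.matcher(str)` with no null check (see the StringUtils hunk), so `OrderItem.asc(null)` or a deserialized item with a null column now throws a NullPointerException where the old Lombok-generated setter accepted null; guard it with `this.column = column == null ? null : StringUtils.replaceAllBlank(column);` or make the helper null-safe. Replacing `@Data` with `@Getter`/`@Setter` also silently drops the generated `equals`, `hashCode` and `toString`, which any caller that compares, de-duplicates or logs order items relied on; add `@EqualsAndHashCode` and `@ToString` unless the loss is intended. `SqlInjectionUtils` is imported on the new side but not used anywhere in this file's hunks, so either drop the import or actually apply it: stripping whitespace narrows the reported issue, but the column name presumably still reaches the ORDER BY clause without being validated as an identifier, which is what the imported utility is for.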

+ 17 - 2
mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/toolkit/StringUtils.java

@@ -596,10 +596,25 @@ public final class StringUtils {
             /**
              * 过滤sql黑名单字符,存在 SQL 注入,去除空白内容
              */
-            Matcher matcher = REPLACE_BLANK.matcher(str);
-            str = matcher.replaceAll("");
+            str = replaceAllBlank(str);
 
         }
         return str;
     }
+
+    /**
+     * 字符串去除空白内容:
+     * <ul>
+     *     <li>\n 回车</li>
+     *     <li>\t 水平制表符</li>
+     *     <li>\s 空格</li>
+     *     <li>\r 换行</li>
+     * </ul>
+     *
+     * @param str 字符串
+     */
+    public static String replaceAllBlank(String str) {
+        Matcher matcher = REPLACE_BLANK.matcher(str);
+        return matcher.replaceAll("");
+    }
 }
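Review bot: `replaceAllBlank` dereferences `str` through `REPLACE_BLANK.matcher(str)` without a null check, so a null argument throws NullPointerException; the pre-existing call site above it sits in a method whose start is outside the hunk, so it is unclear whether that path was guarded, but the new public helper is now reachable from `OrderItem.setColumn` with arbitrary input. Either document the precondition with `@throws NullPointerException if {@code str} is null` or make it tolerant with `return str == null ? null : REPLACE_BLANK.matcher(str).replaceAll("");`. The Javadoc also lacks a `@return` tag; add `@return the input with all whitespace characters listed above removed`.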

+ 0 - 31
mybatis-plus-extension/src/main/java/com/baomidou/mybatisplus/extension/plugins/pagination/Page.java

@@ -292,35 +292,4 @@ public class Page<T> implements IPage<T> {
         }
         return searchCount;
     }
-
-    /**
-     * --begin------------- 未来抛弃移除的方法 -------------begin--
-     * 该部分属性转移至 {@link PageDTO}
-     */
-    @Deprecated
-    public String getCountId() {
-        return this.countId;
-    }
-
-    @Deprecated
-    public Long getMaxLimit() {
-        return this.maxLimit;
-    }
-
-    @Deprecated
-    public List<OrderItem> getOrders() {
-        return this.orders;
-    }
-
-    @Deprecated
-    public boolean isOptimizeCountSql() {
-        return this.optimizeCountSql;
-    }
-
-    @Deprecated
-    public boolean isSearchCount() {
-        return this.searchCount;
-    }
-    /** --end------------- 未来抛弃移除的方法 -------------end-- */
-
 }

+ 0 - 33
mybatis-plus-extension/src/main/java/com/baomidou/mybatisplus/extension/plugins/pagination/PageDTO.java

@@ -15,10 +15,6 @@
  */
 package com.baomidou.mybatisplus.extension.plugins.pagination;
 
-import com.baomidou.mybatisplus.core.metadata.OrderItem;
-
-import java.util.List;
-
 /**
  * 简单分页模型 DTO 用于解决跨服务数据传输问题,不影响 Page 作为返回对象序列化 JSON 产生不必要的数据
  *
@@ -47,35 +43,6 @@ public class PageDTO<T> extends Page<T> {
         super(current, size, total, searchCount);
     }
 
-    @Override
-    public String getCountId() {
-        return this.countId;
-    }
-
-    @Override
-    public Long getMaxLimit() {
-        return this.maxLimit;
-    }
-
-    @Override
-    public List<OrderItem> getOrders() {
-        return this.orders;
-    }
-
-    @Override
-    public boolean isOptimizeCountSql() {
-        return this.optimizeCountSql;
-    }
-
-    public boolean isOptimizeJoinOfCountSql() {
-        return this.optimizeJoinOfCountSql;
-    }
-
-    @Override
-    public boolean isSearchCount() {
-        return this.searchCount;
-    }
-
     /* --------------- 以下为静态构造方式 --------------- */
     public static <T> Page<T> of(long current, long size) {
         return of(current, size, 0);

+ 2 - 1
mybatis-plus-extension/src/test/java/com/baomidou/mybatisplus/test/plugins/pagination/SelectBodyToPlainSelectTest.java

@@ -75,7 +75,8 @@ class SelectBodyToPlainSelectTest {
     @Test
     void testPaginationInterceptorConcatOrderByFix() {
         List<OrderItem> orderList = new ArrayList<>();
-        orderList.add(OrderItem.asc("column"));
+        // 测试可能的 sql 注入 https://github.com/baomidou/mybatis-plus/issues/5745
+        orderList.add(OrderItem.asc("col umn"));
         String actualSql = new PaginationInnerInterceptor()
             .concatOrderBy("select * from test union select * from test2", orderList);
         assertThat(actualSql).isEqualTo("SELECT * FROM test UNION SELECT * FROM test2 ORDER BY column ASC");
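Review bot: The updated test only covers a single embedded space in the column name, while the Javadoc of `replaceAllBlank` promises removal of `\n`, `\t`, space and `\r`; the assertion on the line above would pass unchanged for all of them, so extend the input to include a tab and a newline (for example `"col\tum\nn"`) to pin the whole contract. A second case for a null column is also worth adding, since `OrderItem.setColumn` now delegates to a regex matcher that does not accept null. `testPaginationInterceptorConcatOrderByFix` continues past the end of the hunk.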

+ 0 - 24
mybatis-plus-generator/src/main/java/com/baomidou/mybatisplus/generator/config/GlobalConfig.java

@@ -43,12 +43,6 @@ public class GlobalConfig {
      */
     private String outputDir = System.getProperty("os.name").toLowerCase().contains("windows") ? "D://" : "/tmp";
 
-    /**
-     * 是否覆盖已有文件(默认 false)(已迁移到策略配置中,3.5.4版本会删除此方法)
-     */
-    @Deprecated
-    private boolean fileOverride;
-
     /**
      * 是否打开输出目录
      */
@@ -96,14 +90,6 @@ public class GlobalConfig {
         return outputDir;
     }
 
-    /**
-     * 是否覆盖已有文件(已迁移到策略配置中,3.5.4版本会删除此方法)
-     */
-    @Deprecated
-    public boolean isFileOverride() {
-        return fileOverride;
-    }
-
     public boolean isOpen() {
         return open;
     }
@@ -157,16 +143,6 @@ public class GlobalConfig {
             this.globalConfig = new GlobalConfig();
         }
 
-        /**
-         * 覆盖已有文件(已迁移到策略配置中,3.5.4版本会删除此方法)
-         */
-        @Deprecated
-        public Builder fileOverride() {
-            LOGGER.warn("全局覆盖已有文件的配置已失效,已迁移到策略配置中");
-            this.globalConfig.fileOverride = true;
-            return this;
-        }
-
         /**
          * 禁止打开输出目录
          */