Merge pull request #1300 from nick2wang/nick-patch

修复会话管理存在的sql注入风险 #1299

sql/db_diagnostic.py

@@ -69,9 +69,10 @@ def create_kill_session(request):
     if AliyunRdsConfig.objects.filter(instance=instance, is_enable=True).exists():
         result = aliyun_create_kill_session(request)
     else:
-        thread_ids = thread_ids.replace('[', '').replace(']', '')
+        thread_ids = json.loads(thread_ids)
         query_engine = get_engine(instance=instance)
-        sql = "select concat('kill ', id, ';') from information_schema.processlist where id in ({});".format(thread_ids)
+        sql = "select concat('kill ', id, ';') from information_schema.processlist where id in ({});"\
+            .format(','.join(str(tid) for tid in thread_ids))
         all_kill_sql = query_engine.query('information_schema', sql)
         kill_sql = ''
         for row in all_kill_sql.rows:
@@ -99,9 +100,10 @@ def kill_session(request):
     if AliyunRdsConfig.objects.filter(instance=instance, is_enable=True).exists():
         result = aliyun_kill_session(request)
     else:
-        thread_ids = thread_ids.replace('[', '').replace(']', '')
+        thread_ids = json.loads(thread_ids)
         engine = get_engine(instance=instance)
-        sql = "select concat('kill ', id, ';') from information_schema.processlist where id in ({});".format(thread_ids)
+        sql = "select concat('kill ', id, ';') from information_schema.processlist where id in ({});"\
+            .format(','.join(str(tid) for tid in thread_ids))
         all_kill_sql = engine.query('information_schema', sql)
         kill_sql = ''
         for row in all_kill_sql.rows: