issue#5295 issue#5296 issue#5255

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java

@@ -33,7 +33,7 @@ public class SqlInjectionUtil {
 	/**
 	 * sleep函数
 	 */
-	private final static Pattern FUN_SLEEP = Pattern.compile("sleep\\([\\d\\.]*\\)", Pattern.CASE_INSENSITIVE);
+	private final static Pattern FUN_SLEEP = Pattern.compile("sleep\\(.*\\)", Pattern.CASE_INSENSITIVE);
 
 	/**
 	 * sql注释的正则

jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java

@@ -727,8 +727,8 @@ public class LoginController {
 		if(failTime!=null){
 			val = Integer.parseInt(failTime.toString());
 		}
-		// 1小时
-		redisUtil.set(key, ++val, 3600);
+		// 10分钟
+		redisUtil.set(key, ++val, 600);
 	}
 
 }

jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/util/RandImageUtil.java

@@ -6,6 +6,8 @@ import java.awt.*;
 import java.awt.image.BufferedImage;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.Base64;
 import java.util.Random;
 
@@ -96,7 +98,13 @@ public class RandImageUtil {
 //		graphics.setColor(getRandColor(100, 200)); // ---2
         graphics.drawRect(0, 0, WIDTH - 1, HEIGHT - 1);
 
-        final Random random = new Random();
+        // SHA1PRNG是-种常用的随机数生成算法,处理弱随机数问题
+        SecureRandom random;
+        try {
+            random = SecureRandom.getInstance("SHA1PRNG");
+        } catch (NoSuchAlgorithmException e) {
+            random = new SecureRandom();
+        }
         // 随机产生干扰线，使图象中的认证码不易被其它程序探测到
         for (int i = 0; i < COUNT; i++) {
             // ---3