修复漏洞，重构初始化功能，优化媒体库 (#1024)

* 媒体库增加 普通上传、压缩上传按钮，方便媒体库直接上传图片

* 增加数据类型切换后的的校验，避免使用错误的查询条件和字典条件。

* refactor: 重构初始化逻辑

* 媒体库功能丰富

* 修复注入漏洞和路径穿越

* 修复自动化接口获取数据库表失败后未能终止的bug

* 微调媒体库样式

Co-authored-by: bypanghu <bypanghu@163.com>
Co-authored-by: tesun <36953434+tesun@users.noreply.github.com>
Co-authored-by: pnck <hio131@gmail.com>
Co-authored-by: task <121913992@qq.com>

server/service/system/sys_auto_code_pgsql.go

@@ -1,8 +1,6 @@
 package system
 
 import (
-	"strings"
-
 	"github.com/flipped-aurora/gin-vue-admin/server/global"
 	"github.com/flipped-aurora/gin-vue-admin/server/model/system/response"
 	"github.com/pkg/errors"
@@ -74,17 +72,17 @@ func (a *autoCodePgsql) GetColumn(tableName string, dbName string) (data []respo
 										  where attribute.attrelid =
 												(select oid from pg_class class where class.relname = '@table_name') and attname =columns.COLUMN_NAME )) as column_comment
 		FROM INFORMATION_SCHEMA.COLUMNS columns
-		WHERE table_catalog = '@table_catalog'
+		WHERE table_catalog = '?'
 		  and table_schema = 'public'
-		  and table_name = '@table_name';
+		  and table_name = '?';
 	`
 	var entities []response.Column
 	db, _err := gorm.Open(postgres.Open(global.GVA_CONFIG.Pgsql.LinkDsn(dbName)), &gorm.Config{Logger: logger.Default.LogMode(logger.Info)})
 	if _err != nil {
 		return nil, errors.Wrapf(err, "[pgsql] 连接 数据库(%s)的表(%s)失败!", dbName, tableName)
 	}
-	sql = strings.ReplaceAll(sql, "@table_catalog", dbName)
-	sql = strings.ReplaceAll(sql, "@table_name", tableName)
-	err = db.Raw(sql).Scan(&entities).Error
+	//sql = strings.ReplaceAll(sql, "@table_catalog", dbName)
+	//sql = strings.ReplaceAll(sql, "@table_name", tableName)
+	err = db.Raw(sql, dbName, tableName).Scan(&entities).Error
 	return entities, err
 }