From 26630bae819f3dcb76a9751fc352a08f4fc96e92 Mon Sep 17 00:00:00 2001
From: syuilo
Date: Sat, 4 Feb 2023 18:19:49 +0900
Subject: [PATCH 1/3] New translations ja-JP.yml (Chinese Simplified) (#9792)
---
 locales/zh-CN.yml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/locales/zh-CN.yml b/locales/zh-CN.yml
index 295fc6e34..bc29aba0a 100644
--- a/locales/zh-CN.yml
+++ b/locales/zh-CN.yml
@@ -1023,17 +1023,23 @@ _achievements:
 title: "定期联系Ⅲ"
 description: "总登录天数400天"
 _login500:
+ title: "老熟人Ⅰ"
 description: "总登录天数500天"
 flavor: "诸君,我喜欢贴文"
 _login600:
+ title: "老熟人Ⅱ"
 description: "总登录天数600天"
 _login700:
+ title: "老熟人Ⅲ"
 description: "总登录天数700天"
 _login800:
+ title: "帖子大师Ⅰ"
 description: "总登录天数800天"
 _login900:
+ title: "帖子大师Ⅱ"
 description: "总登录天数900天"
 _login1000:
+ title: "帖子大师Ⅲ"
 description: "总登录天数1000天"
 flavor: "感谢您使用Misskey!"
 _noteClipped1:
@@ -1086,6 +1092,7 @@ _achievements:
 title: "信号塔"
 description: "拥有超过500名关注者"
 _followers1000:
+ title: "大影响家"
 description: "拥有超过1000名关注者"
 _collectAchievements30:
 title: "成就收藏家"
From ee74df68233adcd5b167258c621565f97c3b2306 Mon Sep 17 00:00:00 2001
From: syuilo
Date: Sat, 4 Feb 2023 18:21:07 +0900
Subject: [PATCH 2/3] fix(server): improve security
---
 .../backend/src/server/api/endpoints/notes/search-by-tag.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts b/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts
index 061e371d6..bcd793ac4 100644
--- a/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts
+++ b/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts
@@ -95,14 +95,14 @@ export default class extends Endpoint {
 try {
 if (ps.tag) {
- if (!safeForSql(ps.tag)) throw 'Injection';
+ if (!safeForSql(normalizeForSearch(ps.tag))) throw 'Injection';
 query.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`);
 } else {
 query.andWhere(new Brackets(qb => {
 for (const tags of ps.query!) {
 qb.orWhere(new Brackets(qb => {
 for (const tag of tags) {
- if (!safeForSql(tag)) throw 'Injection';
+ if (!safeForSql(normalizeForSearch(tag))) throw 'Injection';
 qb.andWhere(`'{"${normalizeForSearch(tag)}"}' <@ note.tags`);
 }
 }));
From 3f199c71135962406a28d7e3a3174ccbaffb0114 Mon Sep 17 00:00:00 2001
From: syuilo
Date: Sat, 4 Feb 2023 18:22:00 +0900
Subject: [PATCH 3/3] 13.3.3
---
 CHANGELOG.md | 5 +++++
 package.json | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7afaaffae..914bde051 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,11 @@ You should also include the user name that made the change. -->
+## 13.3.3 (2023/02/04)
+
+### Bugfixes
+- Server: improve security
+
 ## 13.3.2 (2023/02/04)
 ### Improvements
diff --git a/package.json b/package.json
index 236d02eb3..7609cce8d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "misskey",
- "version": "13.3.2",
+ "version": "13.3.3",
 "codename": "nasubi",
 "repository": {
 "type": "git",
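Review bot: In the search-by-tag.ts hunk the tag is still spliced into raw SQL text (`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`, and the same in the inner `for (const tag of tags)` loop), so safety rests entirely on the `safeForSql` filter, whose definition is not visible here. Checking the normalized form is the right direction, because the validated string must be the exact string that reaches the query, but `normalizeForSearch` is now called twice per tag; normalizing once, `const normalized = normalizeForSearch(ps.tag);`, then testing and interpolating `normalized`, keeps the checked and the interpolated value from drifting apart. Binding the value instead, for example `query.andWhere(':tag = ANY(note.tags)', { tag: normalized })` with a distinct parameter name per tag in the loop, would remove the dependence on the filter altogether; confirm index use before switching operators. The `try` block and the class body continue outside the hunk.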