graphite/Sharkey
1
0
Fork 0
mirror of https://git.joinsharkey.org/Sharkey/Sharkey.git synced 2024-11-09 20:03:09 +02:00
Code Issues Projects Releases Packages Wiki Activity

fix(server): improve security

Browse source
This commit is contained in:
syuilo 2023-02-04 18:21:07 +09:00
parent a12f07c42b
commit ee74df6823
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
packages/backend/src/server/api/endpoints/notes/search-by-tag.ts
View file

@ -95,14 +95,14 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
try {
if (ps.tag) {
if (!safeForSql(ps.tag)) throw 'Injection';
if (!safeForSql(normalizeForSearch(ps.tag))) throw 'Injection';
query.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`);
} else {
query.andWhere(new Brackets(qb => {
for (const tags of ps.query!) {
qb.orWhere(new Brackets(qb => {
for (const tag of tags) {
if (!safeForSql(tag)) throw 'Injection';
if (!safeForSql(normalizeForSearch(tag))) throw 'Injection';
qb.andWhere(`'{"${normalizeForSearch(tag)}"}' <@ note.tags`);
}
}));