activity feed possible SQL injection fix
ilmartyrk committed Aug 28, 2018
1 parent a8900d4 commit 76ad607
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions routes/api/topic.js
@@ -7333,7 +7333,8 @@ module.exports = function (app) {
});

return includedSql.join(' UNION ');
}
};

var activitiesList = function (req, res, next, visibility) {
var limitMax = 50;
var limitDefault = 10;
@@ -7360,7 +7361,9 @@ module.exports = function (app) {

var filterBy = '';
if (filters.length) {
var filtersEscaped = filters.map(function (filter ) { return db.escape(filter);});
var filtersEscaped = filters.map(function (filter) {
return db.escape(filter);
});
filterBy = 'WHERE uac.data#>>\'{object, @type}\' IN (' + filtersEscaped.join(',') + ')';
}

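Review bot: The `IN (...)` list in the second hunk is still built by joining `db.escape(filter)` results into the SQL string, and the old one-line `filters.map` callback made the same call, so as shown the change is a reformat and the injection defence rests entirely on `db.escape` handling every value that can appear in `filters`. If `filters` is derived from the request (its assignment is outside the hunk), I would restrict it to strings from the known set of activity `@type` values before it reaches this point, e.g. `filters = filters.filter(function (f) { return typeof f === 'string' && allowedTypes.indexOf(f) > -1; });`, where `allowedTypes` is a placeholder for the project's own list. Passing the values as bound query parameters instead of concatenating escaped strings would remove the dependence on the escaper's behaviour for non-string inputs. `activitiesList` begins in the first hunk and continues past the end of this one, so the origin of `filters` could not be checked from the page.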
