-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix deep sanitizeQuery #19436
Fix deep sanitizeQuery #19436
Conversation
🦋 Changeset detectedLatest commit: 0ee31cc The changes in this PR will be included in the next version bump. This PR includes changesets to release 2 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
Added a test case which proves that it didn't work correctly before this fix: |
Co-authored-by: Pascal Jufer <pascal-jufer@bluewin.ch>
Co-authored-by: Pascal Jufer <pascal-jufer@bluewin.ch>
Fixes #19435
So instead of sanitising each part of a subquery by itself, this refactor groups the fields starting with
_
into a query to be sanitised together and then afterwards all of it is added back to the parsedQuery without the randomness of just taking the first element in the entries array.