fix(server): improve security
syuilo committed Feb 4, 2023
1 parent a12f07c commit ee74df6
Showing 1 changed file with 2 additions and 2 deletions.
Expand Up @@ -95,14 +95,14 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {

try {
if (ps.tag) {
if (!safeForSql(ps.tag)) throw 'Injection';
if (!safeForSql(normalizeForSearch(ps.tag))) throw 'Injection';
query.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`);
} else {
query.andWhere(new Brackets(qb => {
for (const tags of ps.query!) {
qb.orWhere(new Brackets(qb => {
for (const tag of tags) {
if (!safeForSql(tag)) throw 'Injection';
if (!safeForSql(normalizeForSearch(tag))) throw 'Injection';
qb.andWhere(`'{"${normalizeForSearch(tag)}"}' <@ note.tags`);
}
}));
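Review bot: The value passed to `safeForSql` and the value interpolated into the SQL fragment are produced by two separate `normalizeForSearch` calls (lines 14/15 and again 22/23), so the allow-list check only protects the query as long as that helper stays pure and deterministic; bind it once so the exact string that was checked is the one that reaches the query, e.g. `const normalized = normalizeForSearch(ps.tag);` / `if (!safeForSql(normalized)) throw 'Injection';` / `query.andWhere(`'{"${normalized}"}' <@ note.tags`);` and the same in the inner loop with a name other than the loop variable `tag`. Since `Brackets` suggests TypeORM, the stronger fix is to stop building the array literal by string at all and pass it as a bound parameter via `andWhere(':tag <@ note.tags', { tag: [normalized] })`, leaving `safeForSql` as defence in depth rather than the only barrier — worth confirming the driver serialises a JS array to a Postgres array for this column type. Also, `throw 'Injection'` throws a bare string on both added lines, which loses the stack trace and any `cause`; `throw new Error('Injection')` (or the project's API error type) is the idiomatic form and lets the surrounding `catch` distinguish it. The enclosing `try` block and method begin before and end after this hunk, so the catch handling of the thrown value is not visible here.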
