fix(backend): SQLのサニタイズを強化 (#14920)

* Fix code scanning alert no. 28: Incomplete string escaping or encoding (MisskeyIO#800) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> (cherry picked from commit 443335c662b14f609d6a81a8f3807e95709aebc1) * :v: --------- Co-authored-by: あわわわとーにゅ <17376330+u1-liquid@users.noreply.github.com>
author: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com> 2024-11-09 10:51:28 +0900
committer: GitHub <noreply@github.com> 2024-11-09 10:51:28 +0900
commit: 98b4717c45a543e31fe5635a8850074afe0d8fe2 (patch)
tree: daf4e96f51145aaa51d0d1eb08645b1e49745369 /packages/backend/src/misc/sql-like-escape.ts
parent: Update CONTRIBUTING.md (diff)
download: misskey-98b4717c45a543e31fe5635a8850074afe0d8fe2.tar.gz
misskey-98b4717c45a543e31fe5635a8850074afe0d8fe2.tar.bz2
misskey-98b4717c45a543e31fe5635a8850074afe0d8fe2.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/packages/backend/src/misc/sql-like-escape.ts b/packages/backend/src/misc/sql-like-escape.ts
index 0c05255674..6b4f51b00e 100644
--- a/packages/backend/src/misc/sql-like-escape.ts
+++ b/packages/backend/src/misc/sql-like-escape.ts
@@ -4,5 +4,5 @@
  */
 
 export function sqlLikeEscape(s: string) {
-	return s.replace(/([%_])/g, '\\$1');
+	return s.replace(/([\\%_])/g, '\\$1');
 }
author	かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com>	2024-11-09 10:51:28 +0900
committer	GitHub <noreply@github.com>	2024-11-09 10:51:28 +0900
commit	98b4717c45a543e31fe5635a8850074afe0d8fe2 (patch)
tree	daf4e96f51145aaa51d0d1eb08645b1e49745369 /packages/backend/src/misc/sql-like-escape.ts
parent	Update CONTRIBUTING.md (diff)
download	misskey-98b4717c45a543e31fe5635a8850074afe0d8fe2.tar.gz misskey-98b4717c45a543e31fe5635a8850074afe0d8fe2.tar.bz2 misskey-98b4717c45a543e31fe5635a8850074afe0d8fe2.zip