summaryrefslogtreecommitdiff
path: root/packages/backend/src/server/api/endpoints/admin/show-users.ts
diff options
context:
space:
mode:
authorsyuilo <Syuilotan@yahoo.co.jp>2023-01-09 08:46:10 +0900
committersyuilo <Syuilotan@yahoo.co.jp>2023-01-09 08:46:10 +0900
commit2acb3917ba28df0054a9e347bfba7b58e22d30a9 (patch)
tree290a2050f0b2586b236a1a7d167a25358def2e4c /packages/backend/src/server/api/endpoints/admin/show-users.ts
parent:cookie: (diff)
parentfix: Escape SQL LIKE (#9493) (diff)
downloadsharkey-2acb3917ba28df0054a9e347bfba7b58e22d30a9.tar.gz
sharkey-2acb3917ba28df0054a9e347bfba7b58e22d30a9.tar.bz2
sharkey-2acb3917ba28df0054a9e347bfba7b58e22d30a9.zip
Merge branch 'develop' of https://github.com/misskey-dev/misskey into develop
Diffstat (limited to 'packages/backend/src/server/api/endpoints/admin/show-users.ts')
-rw-r--r--packages/backend/src/server/api/endpoints/admin/show-users.ts3
1 files changed, 2 insertions, 1 deletions
diff --git a/packages/backend/src/server/api/endpoints/admin/show-users.ts b/packages/backend/src/server/api/endpoints/admin/show-users.ts
index 33e1be8041..722e284dde 100644
--- a/packages/backend/src/server/api/endpoints/admin/show-users.ts
+++ b/packages/backend/src/server/api/endpoints/admin/show-users.ts
@@ -3,6 +3,7 @@ import type { UsersRepository } from '@/models/index.js';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { DI } from '@/di-symbols.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
+import { sqlLikeEscape } from '@/misc/sql-like-escape';
export const meta = {
tags: ['admin'],
@@ -68,7 +69,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
}
if (ps.username) {
- query.andWhere('user.usernameLower like :username', { username: ps.username.toLowerCase() + '%' });
+ query.andWhere('user.usernameLower like :username', { username: sqlLikeEscape(ps.username.toLowerCase()) + '%' });
}
if (ps.hostname) {
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-04 03:46:10 +0000