| author | syuilo <Syuilotan@yahoo.co.jp> | 2023-01-09 08:46:10 +0900 |
|---|---|---|
| committer | syuilo <Syuilotan@yahoo.co.jp> | 2023-01-09 08:46:10 +0900 |
| commit | 2acb3917ba28df0054a9e347bfba7b58e22d30a9 (patch) | |
| tree | 290a2050f0b2586b236a1a7d167a25358def2e4c /packages/backend/src/server/api/endpoints/admin | |
| parent | :cookie: (diff) | |
| parent | fix: Escape SQL LIKE (#9493) (diff) | |
Merge branch 'develop' of https://github.com/misskey-dev/misskey into develop
Diffstat (limited to 'packages/backend/src/server/api/endpoints/admin')
3 files changed, 6 insertions, 3 deletions
diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/list-remote.ts b/packages/backend/src/server/api/endpoints/admin/emoji/list-remote.ts
index c03d27878c..ed60efd7b4 100644
--- a/packages/backend/src/server/api/endpoints/admin/emoji/list-remote.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/list-remote.ts
@@ -5,6 +5,7 @@ import { QueryService } from '@/core/QueryService.js';
 import { UtilityService } from '@/core/UtilityService.js';
 import { EmojiEntityService } from '@/core/entities/EmojiEntityService.js';
 import { DI } from '@/di-symbols.js';
+import { sqlLikeEscape } from '@/misc/sql-like-escape';
 export const meta = {
 tags: ['admin'],
@@ -92,7 +93,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 }
 if (ps.query) {
- q.andWhere('emoji.name like :query', { query: '%' + ps.query + '%' });
+ q.andWhere('emoji.name like :query', { query: '%' + sqlLikeEscape(ps.query) + '%' });
 }
 const emojis = await q
diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/list.ts b/packages/backend/src/server/api/endpoints/admin/emoji/list.ts
index 271b142126..f357e45a52 100644
--- a/packages/backend/src/server/api/endpoints/admin/emoji/list.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/list.ts
@@ -5,6 +5,7 @@ import type { Emoji } from '@/models/entities/Emoji.js';
 import { QueryService } from '@/core/QueryService.js';
 import { DI } from '@/di-symbols.js';
 import { EmojiEntityService } from '@/core/entities/EmojiEntityService.js';
+//import { sqlLikeEscape } from '@/misc/sql-like-escape';
 export const meta = {
 tags: ['admin'],
@@ -82,7 +83,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 let emojis: Emoji[];
 if (ps.query) {
- //q.andWhere('emoji.name ILIKE :q', { q: `%${ps.query}%` });
+ //q.andWhere('emoji.name ILIKE :q', { q: `%${ sqlLikeEscape(ps.query) }%` });
 //const emojis = await q.take(ps.limit).getMany();
 emojis = await q.getMany();
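Review bot: The import added to list-remote.ts, `import { sqlLikeEscape } from '@/misc/sql-like-escape';`, has no `.js` suffix, while every other import visible in this hunk ends in `.js`. If the backend is loaded as native ES modules, as those specifiers suggest, an extensionless path may fail to resolve when the endpoint is loaded; write `import { sqlLikeEscape } from '@/misc/sql-like-escape.js';`. The same specifier is added in show-users.ts and, commented out, in list.ts.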
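Review bot: The pattern `'%' + sqlLikeEscape(ps.query) + '%'` in list-remote.ts is only correct if the helper emits the escape character the database assumes by default and also escapes that character itself, and neither is visible in this diff. The clause `'emoji.name like :query'` carries no ESCAPE clause, so the default applies (backslash on PostgreSQL); if the helper passes a backslash through unchanged, an input ending in one would turn the closing `%` appended here into a literal. Worth confirming in `@/misc/sql-like-escape` and covering with a test whose query contains `%`, `_` and `\`. The value remains a bound parameter, so this concerns match semantics rather than injection, and it applies equally to the `usernameLower like :username` pattern in show-users.ts. The enclosing method starts and ends outside the hunk.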
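Review bot: Both edits to list.ts touch commented-out lines only (the import and the `ILIKE` call), so this endpoint's runtime behaviour is unchanged by the commit. The live path is still `emojis = await q.getMany();`, and whatever applies `ps.query` to that result lies below the hunk. Updating dead code in step with the live endpoints is easy to misread as a fix; I would either delete the disabled lines or label them, for example `// NOTE: ILIKE path disabled; if restored, keep sqlLikeEscape() and uncomment its import`.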
diff --git a/packages/backend/src/server/api/endpoints/admin/show-users.ts b/packages/backend/src/server/api/endpoints/admin/show-users.ts
index 33e1be8041..722e284dde 100644
--- a/packages/backend/src/server/api/endpoints/admin/show-users.ts
+++ b/packages/backend/src/server/api/endpoints/admin/show-users.ts
@@ -3,6 +3,7 @@ import type { UsersRepository } from '@/models/index.js';
 import { Endpoint } from '@/server/api/endpoint-base.js';
 import { DI } from '@/di-symbols.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
+import { sqlLikeEscape } from '@/misc/sql-like-escape';
 export const meta = {
 tags: ['admin'],
@@ -68,7 +69,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 }
 if (ps.username) {
- query.andWhere('user.usernameLower like :username', { username: ps.username.toLowerCase() + '%' });
+ query.andWhere('user.usernameLower like :username', { username: sqlLikeEscape(ps.username.toLowerCase()) + '%' });
 }
 if (ps.hostname) {
|
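Review bot: The `andWhere` call in show-users.ts would benefit from a one-line comment recording why the escape is there, since `_` is a single-character wildcard in LIKE and a plausible character in a username, so an unescaped prefix such as `a_b` would also match `axb`. Something like `// match the prefix literally: escape % and _ so only the trailing % acts as a wildcard` above the call would do. The `if (ps.hostname)` branch that opens on the hunk's last line continues outside the hunk; if it also builds a LIKE pattern from request input, it needs the same escaping.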