authorMeiMei <30769358+mei23@users.noreply.github.com>2023-01-08 20:32:17 +0900
committerGitHub <noreply@github.com>2023-01-08 20:32:17 +0900
commit10e526ba5682fef9488d1d38ba5dfcda38619673 (patch)
tree1677ade360e317be70200050cb67b0957f35ebca /packages/backend/src/server/api/endpoints/notes/search.ts
parentfix following chart (diff)
fix: Escape SQL LIKE (#9493)
* SQL LIKE escape * CHANGELOG
Diffstat (limited to 'packages/backend/src/server/api/endpoints/notes/search.ts')
-rw-r--r--packages/backend/src/server/api/endpoints/notes/search.ts3
1 files changed, 2 insertions, 1 deletions
diff --git a/packages/backend/src/server/api/endpoints/notes/search.ts b/packages/backend/src/server/api/endpoints/notes/search.ts
index 27b477e141..02701ffe1e 100644
--- a/packages/backend/src/server/api/endpoints/notes/search.ts
+++ b/packages/backend/src/server/api/endpoints/notes/search.ts
@@ -6,6 +6,7 @@ import { QueryService } from '@/core/QueryService.js';
import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
import type { Config } from '@/config.js';
import { DI } from '@/di-symbols.js';
+import { sqlLikeEscape } from '@/misc/sql-like-escape';
export const meta = {
tags: ['notes'],
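Review bot: The added import omits the `.js` suffix that the three neighbouring imports all carry (`'@/core/QueryService.js'`, `'@/config.js'`, `'@/di-symbols.js'`). If the backend is resolved as native ES modules, which the other specifiers suggest but this hunk does not show, an extensionless specifier can fail at load time and take the search endpoint down with it. I would write it as `import { sqlLikeEscape } from '@/misc/sql-like-escape.js';` to match.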
@@ -70,7 +71,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
}
query
- .andWhere('note.text ILIKE :q', { q: `%${ps.query}%` })
+ .andWhere('note.text ILIKE :q', { q: `%${ sqlLikeEscape(ps.query) }%` })
.innerJoinAndSelect('note.user', 'user')
.leftJoinAndSelect('user.avatar', 'avatar')
.leftJoinAndSelect('user.banner', 'banner')
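Review bot: The new `.andWhere` line relies on `sqlLikeEscape`, whose body is not part of this diff, and on the database's default LIKE escape character, and neither assumption is stated at the call site. The value was already bound as `:q`, so the risk addressed here is not SQL injection but `%` and `_` in `ps.query` acting as wildcards, which changes what matches and can make the `ILIKE` scan more expensive. It is worth confirming that the helper escapes the backslash as well as `%` and `_`, because otherwise a query ending in a backslash would presumably turn the closing `%` of the template into a literal character. A short comment above the call would record the intent, for example `// ps.query is bound as :q; escaping here is only so LIKE wildcards in user input match literally`. The enclosing method starts and ends outside the hunk, so how `ps.query` is validated before this point cannot be seen here.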