diff options
| author | KevinWh0 <45321184+ChaoticLeah@users.noreply.github.com> | 2024-07-16 22:06:38 +0200 |
|---|---|---|
| committer | KevinWh0 <45321184+ChaoticLeah@users.noreply.github.com> | 2024-07-16 22:06:38 +0200 |
| commit | f97417cfca8ceb5e3c76e0e1c67e2afc11a89b92 (patch) | |
| tree | 1c8e44bb552849f6f78b5940a519d7d9cd1f93da /packages/backend/src/server | |
| parent | Add locales for search bar (diff) | |
| download | sharkey-f97417cfca8ceb5e3c76e0e1c67e2afc11a89b92.tar.gz sharkey-f97417cfca8ceb5e3c76e0e1c67e2afc11a89b92.tar.bz2 sharkey-f97417cfca8ceb5e3c76e0e1c67e2afc11a89b92.zip | |
Add stuff talked about on MR
Diffstat (limited to 'packages/backend/src/server')
| -rw-r--r-- | packages/backend/src/server/api/endpoints/drive/files.ts | 5 | ||||
| -rw-r--r-- | packages/backend/src/server/api/endpoints/drive/folders.ts | 5 |
2 files changed, 6 insertions, 4 deletions
diff --git a/packages/backend/src/server/api/endpoints/drive/files.ts b/packages/backend/src/server/api/endpoints/drive/files.ts index e8bebb449b..6d87d5ddf7 100644 --- a/packages/backend/src/server/api/endpoints/drive/files.ts +++ b/packages/backend/src/server/api/endpoints/drive/files.ts @@ -9,6 +9,7 @@ import type { DriveFilesRepository } from '@/models/_.js'; import { QueryService } from '@/core/QueryService.js'; import { DriveFileEntityService } from '@/core/entities/DriveFileEntityService.js'; import { DI } from '@/di-symbols.js'; +import { sqlLikeEscape } from '@/misc/sql-like-escape.js'; export const meta = { tags: ['drive'], @@ -37,7 +38,7 @@ export const paramDef = { folderId: { type: 'string', format: 'misskey:id', nullable: true, default: null }, type: { type: 'string', nullable: true, pattern: /^[a-zA-Z\/\-*]+$/.toString().slice(1, -1) }, sort: { type: 'string', nullable: true, enum: ['+createdAt', '-createdAt', '+name', '-name', '+size', '-size', null] }, - searchQuery: {type : 'string', default: '' } + searchQuery: { type: 'string', default: '' } }, required: [], } as const; @@ -62,7 +63,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint- } if (ps.searchQuery.length > 0) { - query.andWhere('file.name ILIKE :searchQuery OR file.comment ILIKE :searchQuery', { searchQuery: `%${ps.searchQuery}%` }); + query.andWhere('file.name ILIKE :searchQuery OR file.comment ILIKE :searchQuery', { searchQuery: `%${sqlLikeEscape(ps.searchQuery)}%` }); } if (ps.type) { diff --git a/packages/backend/src/server/api/endpoints/drive/folders.ts b/packages/backend/src/server/api/endpoints/drive/folders.ts index 03223b267f..9bcd824882 100644 --- a/packages/backend/src/server/api/endpoints/drive/folders.ts +++ b/packages/backend/src/server/api/endpoints/drive/folders.ts @@ -9,6 +9,7 @@ import type { DriveFoldersRepository } from '@/models/_.js'; import { QueryService } from '@/core/QueryService.js'; import { DriveFolderEntityService } from '@/core/entities/DriveFolderEntityService.js'; import { DI } from '@/di-symbols.js'; +import { sqlLikeEscape } from '@/misc/sql-like-escape.js'; export const meta = { tags: ['drive'], @@ -35,7 +36,7 @@ export const paramDef = { sinceId: { type: 'string', format: 'misskey:id' }, untilId: { type: 'string', format: 'misskey:id' }, folderId: { type: 'string', format: 'misskey:id', nullable: true, default: null }, - searchQuery: {type : 'string', default: '' } + searchQuery: { type: 'string', default: '' } }, required: [], } as const; @@ -60,7 +61,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint- } if (ps.searchQuery.length > 0) { - query.andWhere('folder.name ILIKE :searchQuery', { searchQuery: `%${ps.searchQuery}%` }); + query.andWhere('folder.name ILIKE :searchQuery', { searchQuery: `%${sqlLikeEscape(ps.searchQuery)}%` }); } const folders = await query.limit(ps.limit).getMany(); |