diff options
| author | syuilo <Syuilotan@yahoo.co.jp> | 2020-02-20 07:18:16 +0900 |
|---|---|---|
| committer | syuilo <Syuilotan@yahoo.co.jp> | 2020-02-20 07:18:16 +0900 |
| commit | 177e19632a3ebe81eea8444d571def4da50017a5 (patch) | |
| tree | 07a0f5c0ef99e421136c7a6fb186d7fe73d1dab2 /src/server | |
| parent | Remove header transition (diff) | |
| download | sharkey-177e19632a3ebe81eea8444d571def4da50017a5.tar.gz sharkey-177e19632a3ebe81eea8444d571def4da50017a5.tar.bz2 sharkey-177e19632a3ebe81eea8444d571def4da50017a5.zip | |
Fix #6016
Diffstat (limited to 'src/server')
| -rw-r--r-- | src/server/api/endpoints/hashtags/trend.ts | 5 | ||||
| -rw-r--r-- | src/server/api/endpoints/notes/search-by-tag.ts | 5 |
2 files changed, 6 insertions, 4 deletions
diff --git a/src/server/api/endpoints/hashtags/trend.ts b/src/server/api/endpoints/hashtags/trend.ts index 740b6de4d7..cfa97d1475 100644 --- a/src/server/api/endpoints/hashtags/trend.ts +++ b/src/server/api/endpoints/hashtags/trend.ts @@ -3,6 +3,7 @@ import define from '../../define'; import { fetchMeta } from '../../../../misc/fetch-meta'; import { Notes } from '../../../../models'; import { Note } from '../../../../models/entities/note'; +import { safeForSql } from '../../../../misc/safe-for-sql'; /* トレンドに載るためには「『直近a分間のユニーク投稿数が今からa分前~今からb分前の間のユニーク投稿数のn倍以上』のハッシュタグの上位5位以内に入る」ことが必要 @@ -113,7 +114,7 @@ export default define(meta, async () => { for (let i = 0; i < range; i++) { countPromises.push(Promise.all(hots.map(tag => Notes.createQueryBuilder('note') .select('count(distinct note.userId)') - .where(':tag = ANY(note.tags)', { tag: tag }) + .where(`'{"${safeForSql(tag) ? tag : 'aichan_kawaii'}"}' <@ note.tags`) .andWhere('note.createdAt < :lt', { lt: new Date(now.getTime() - (interval * i)) }) .andWhere('note.createdAt > :gt', { gt: new Date(now.getTime() - (interval * (i + 1))) }) .cache(60000) // 1 min @@ -127,7 +128,7 @@ export default define(meta, async () => { const totalCounts = await Promise.all(hots.map(tag => Notes.createQueryBuilder('note') .select('count(distinct note.userId)') - .where(':tag = ANY(note.tags)', { tag: tag }) + .where(`'{"${safeForSql(tag) ? tag : 'aichan_kawaii'}"}' <@ note.tags`) .andWhere('note.createdAt > :gt', { gt: new Date(now.getTime() - rangeA) }) .cache(60000 * 60) // 60 min .getRawOne() diff --git a/src/server/api/endpoints/notes/search-by-tag.ts b/src/server/api/endpoints/notes/search-by-tag.ts index f4b89ff9f5..aaeec5ecf4 100644 --- a/src/server/api/endpoints/notes/search-by-tag.ts +++ b/src/server/api/endpoints/notes/search-by-tag.ts @@ -99,7 +99,8 @@ export default define(meta, async (ps, me) => { if (me) generateMuteQuery(query, me); if (ps.tag) { - query.andWhere(':tag = ANY(note.tags)', { tag: ps.tag.toLowerCase() }); + if (/[\0\x08\x09\x1a\n\r"'\\\%]/g.test(ps.tag)) return; + query.andWhere(`'{"${ps.tag.toLowerCase()}"}' <@ note.tags`); } else { let i = 0; query.andWhere(new Brackets(qb => { @@ -143,7 +144,7 @@ export default define(meta, async (ps, me) => { } // Search notes - const notes = await query.take(ps.limit!).getMany(); + const notes = await query.take(ps.limit!).printSql().getMany(); return await Notes.packMany(notes, me); }); |