natty
/
misskey-awawa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix search-by-tag (#7531) 

* Fix search-by-tag

* Revert "Fix search-by-tag"

This reverts commit c971d1d5d82f2d8b58fdec76e42f4404339ab83a.

* Fix typo

* Remove unused var

* インジェクションは[]を返すように
This commit is contained in:
MeiMei 2021-05-23 18:57:12 +09:00 committed by GitHub
parent 7063a6925f
commit 47aaf04481
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/server/api/endpoints/notes/search-by-tag.ts
View File

@ -104,23 +104,26 @@ export default define(meta, async (ps, me) => {
generateVisibilityQuery(query, me); generateVisibilityQuery(query, me);
if (me) generateMutedUserQuery(query, me); if (me) generateMutedUserQuery(query, me);
try {
if (ps.tag) { if (ps.tag) {
if (!safeForSql(ps.tag)) return; if (!safeForSql(ps.tag)) throw 'Injection';
query.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`); query.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`);
} else { } else {
let i = 0;
query.andWhere(new Brackets(qb => { query.andWhere(new Brackets(qb => {
for (const tags of ps.query!) { for (const tags of ps.query!) {
qb.orWhere(new Brackets(qb => { qb.orWhere(new Brackets(qb => {
for (const tag of tags) { for (const tag of tags) {
if (!safeForSql(tag)) return; if (!safeForSql(tag)) throw 'Injection';
qb.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`); qb.andWhere(`'{"${normalizeForSearch(tag)}"}' <@ note.tags`);
i++;
} }
})); }));
} }
})); }));
} }
} catch (e) {
if (e === 'Injection') return [];
throw e;
}
if (ps.reply != null) { if (ps.reply != null) {
if (ps.reply) { if (ps.reply) {