0ct0pu5/siyuan
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

🔒 SQL injection security vulnerabilities https://github.com/siyuan-note/siyuan/issues/13077 https://github.com/siyuan-note/siyuan/issues/13057

Browse source
This commit is contained in:
Daniel 2024-11-07 17:43:44 +08:00
parent ed33718ddf
commit 06c39771ce
No known key found for this signature in database
GPG key ID: 86211BA83DF03017
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
kernel/model/history.go
View file

@ -448,6 +448,13 @@ func FullTextSearchHistoryItems(created, query, box, op string, typ int) (ret []
table := "histories_fts_case_insensitive"
stmt := "SELECT * FROM " + table + " WHERE "
stmt += buildSearchHistoryQueryFilter(query, op, box, table, typ)
_, parseErr := strconv.Atoi(created)
if nil != parseErr {
ret = []*HistoryItem{}
return
}
stmt += " AND created = '" + created + "' ORDER BY created DESC LIMIT " + fmt.Sprintf("%d", fileHistoryPageSize)
sqlHistories := sql.SelectHistoriesRawStmt(stmt)
ret = fromSQLHistories(sqlHistories)