🔒 SQL injection security vulnerabilities https://github.com/siyuan-note/siyuan/issues/13077 https://github.com/siyuan-note/siyuan/issues/13060

2024-11-07 17:23:42 +08:00 · 2024-11-07 17:23:42 +08:00 · 7fa1f89061
commit 7fa1f89061
parent 560890036d
1 changed files with 17 additions and 3 deletions
--- a/kernel/treenode/blocktree.go
+++ b/kernel/treenode/blocktree.go
@ -343,10 +343,24 @@ func GetBlockTrees(ids []string) (ret map[string]*BlockTree) {
 		return
 	}

-	sqlStmt := "SELECT * FROM blocktrees WHERE id IN ('" + strings.Join(ids, "','") + "')"
-	rows, err := db.Query(sqlStmt)
+	stmtBuf := bytes.Buffer{}
+	stmtBuf.WriteString("SELECT * FROM blocktrees WHERE id IN (")
+	for i := range ids {
+		stmtBuf.WriteString("?")
+		if i == len(ids)-1 {
+			stmtBuf.WriteString(")")
+		} else {
+			stmtBuf.WriteString(",")
+		}
+	}
+	var args []any
+	for _, id := range ids {
+		args = append(args, id)
+	}
+	stmt := stmtBuf.String()
+	rows, err := db.Query(stmt, args...)
 	if err != nil {
-		logging.LogErrorf("sql query [%s] failed: %s", sqlStmt, err)
+		logging.LogErrorf("sql query [%s] failed: %s", stmt, err)
 		return
 	}
 	defer rows.Close()