🔒 SQL injection security vulnerabilities https://github.com/siyuan-note/siyuan/issues/13077 https://github.com/siyuan-note/siyuan/issues/13059

2024-11-07 17:32:51 +08:00 · 2024-11-07 17:32:51 +08:00 · 831d350653
commit 831d350653
parent 7fa1f89061
1 changed files with 3 additions and 0 deletions
--- a/kernel/model/asset_content.go
+++ b/kernel/model/asset_content.go
@ -63,6 +63,9 @@ func GetAssetContent(id, query string, queryMethod int) (ret *AssetContent) {
 			query = stringQuery(query)
 		}
 	}
+	if !ast.IsNodeIDPattern(id) {
+		return
+	}

 	table := "asset_contents_fts_case_insensitive"
 	filter := " id = '" + id + "'"