0ct0pu5/siyuan
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

🔒 SQL injection security vulnerabilities https://github.com/siyuan-note/siyuan/issues/13077 https://github.com/siyuan-note/siyuan/issues/13058

Browse source
This commit is contained in:
Daniel 2024-11-07 17:38:10 +08:00
parent 831d350653
commit ed33718ddf
No known key found for this signature in database
GPG key ID: 86211BA83DF03017
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
kernel/model/history.go
View file

@ -473,6 +473,10 @@ func buildSearchHistoryQueryFilter(query, op, box, table string, typ int) (stmt
stmt += " AND op = '" + op + "'"
}
if "%" != box && !ast.IsNodeIDPattern(box) {
box = "%"
}
if HistoryTypeDocName == typ || HistoryTypeDoc == typ || HistoryTypeDocID == typ {
if HistoryTypeDocName == typ || HistoryTypeDoc == typ {
stmt += " AND path LIKE '%/" + box + "/%' AND path LIKE '%.sy'"