From 47aaf044813662931fbaddd965272267fd94ed6a Mon Sep 17 00:00:00 2001
From: MeiMei <30769358+mei23@users.noreply.github.com>
Date: Sun, 23 May 2021 18:57:12 +0900
Subject: [PATCH] Fix search-by-tag (#7531)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Fix search-by-tag

* Revert "Fix search-by-tag"

This reverts commit c971d1d5d82f2d8b58fdec76e42f4404339ab83a.

* Fix typo

* Remove unused var

* インジェクションは[]を返すように
---
 .../api/endpoints/notes/search-by-tag.ts      | 35 ++++++++++---------
 1 file changed, 19 insertions(+), 16 deletions(-)

diff --git a/src/server/api/endpoints/notes/search-by-tag.ts b/src/server/api/endpoints/notes/search-by-tag.ts
index 61f62dd5a6..463c5fff5a 100644
--- a/src/server/api/endpoints/notes/search-by-tag.ts
+++ b/src/server/api/endpoints/notes/search-by-tag.ts
@@ -104,22 +104,25 @@ export default define(meta, async (ps, me) => {
 	generateVisibilityQuery(query, me);
 	if (me) generateMutedUserQuery(query, me);
 
-	if (ps.tag) {
-		if (!safeForSql(ps.tag)) return;
-		query.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`);
-	} else {
-		let i = 0;
-		query.andWhere(new Brackets(qb => {
-			for (const tags of ps.query!) {
-				qb.orWhere(new Brackets(qb => {
-					for (const tag of tags) {
-						if (!safeForSql(tag)) return;
-						qb.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`);
-						i++;
-					}
-				}));
-			}
-		}));
+	try {
+		if (ps.tag) {
+			if (!safeForSql(ps.tag)) throw 'Injection';
+			query.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`);
+		} else {
+			query.andWhere(new Brackets(qb => {
+				for (const tags of ps.query!) {
+					qb.orWhere(new Brackets(qb => {
+						for (const tag of tags) {
+							if (!safeForSql(tag)) throw 'Injection';
+							qb.andWhere(`'{"${normalizeForSearch(tag)}"}' <@ note.tags`);
+						}
+					}));
+				}
+			}));
+		}
+	} catch (e) {
+		if (e === 'Injection') return [];
+		throw e;
 	}
 
 	if (ps.reply != null) {
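Review bot: In both branches `safeForSql` is run on the raw tag, but the string actually interpolated into the SQL fragment is `normalizeForSearch(...)` of it, so the check does not cover the value that reaches the query. `normalizeForSearch` is not visible in this hunk; if it performs any Unicode folding or normalization, a character that passes the check could presumably become a quote or brace afterwards. Validate the normalized value instead, e.g. `const t = normalizeForSearch(tag); if (!safeForSql(t)) throw 'Injection';` and interpolate `t`, or better, bind the tag as a query parameter so no user text is spliced into the statement. Separately, throwing the bare string `'Injection'` loses the stack trace, and the `catch` returns `[]` without logging, so rejected input leaves no trace for detection; a small `Error` subclass plus a log line would help. The enclosing handler starts before and continues after this hunk.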
-- 
GitLab