moon
/
enigma-bbs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix possible SQL injection in file tags search

This commit is contained in:
Bryan Ashby 2018-06-01 20:16:08 -06:00
parent 70ce81c01a
commit 95422f71ba
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/file_entry.js
View File

@ -548,7 +548,7 @@ module.exports = class FileEntry {
if(filter.tags && filter.tags.length > 0) { if(filter.tags && filter.tags.length > 0) {
// build list of quoted tags; filter.tags comes in as a space and/or comma separated values // build list of quoted tags; filter.tags comes in as a space and/or comma separated values
const tags = filter.tags.replace(/,/g, ' ').replace(/\s{2,}/g, ' ').split(' ').map( tag => `"${tag}"` ).join(','); const tags = filter.tags.replace(/,/g, ' ').replace(/\s{2,}/g, ' ').split(' ').map( tag => `"${sanatizeString(tag)}"` ).join(',');
appendWhereClause( appendWhereClause(
`f.file_id IN ( `f.file_id IN (