zydronium/enigma-bbs
1
0
Fork 0
mirror of https://github.com/NuSkooler/enigma-bbs.git synced 2025-08-05 17:28:06 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fix possible SQL injection in file tags search

Browse source
This commit is contained in:
Bryan Ashby 2018-06-01 20:16:08 -06:00
parent 70ce81c01a
commit 95422f71ba
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
core/file_entry.js
View file

@ -548,7 +548,7 @@ module.exports = class FileEntry {
if(filter.tags && filter.tags.length > 0) {
// build list of quoted tags; filter.tags comes in as a space and/or comma separated values
const tags = filter.tags.replace(/,/g, ' ').replace(/\s{2,}/g, ' ').split(' ').map( tag => `"${tag}"` ).join(',');
const tags = filter.tags.replace(/,/g, ' ').replace(/\s{2,}/g, ' ').split(' ').map( tag => `"${sanatizeString(tag)}"` ).join(',');
appendWhereClause(
`f.file_id IN (