Fix #6016
parent
177e19632a
commit
09175b84df
@ -6,6 +6,7 @@ import { Notes } from '../../../../models';
|
|||||||
import { generateMuteQuery } from '../../common/generate-mute-query';
|
import { generateMuteQuery } from '../../common/generate-mute-query';
|
||||||
import { generateVisibilityQuery } from '../../common/generate-visibility-query';
|
import { generateVisibilityQuery } from '../../common/generate-visibility-query';
|
||||||
import { Brackets } from 'typeorm';
|
import { Brackets } from 'typeorm';
|
||||||
|
import { safeForSql } from '../../../../misc/safe-for-sql';
|
||||||
|
|
||||||
export const meta = {
|
export const meta = {
|
||||||
desc: {
|
desc: {
|
||||||
@ -99,7 +100,7 @@ export default define(meta, async (ps, me) => {
|
|||||||
if (me) generateMuteQuery(query, me);
|
if (me) generateMuteQuery(query, me);
|
||||||
|
|
||||||
if (ps.tag) {
|
if (ps.tag) {
|
||||||
if (/[\0\x08\x09\x1a\n\r"'\\\%]/g.test(ps.tag)) return;
|
if (!safeForSql(ps.tag)) return;
|
||||||
query.andWhere(`'{"${ps.tag.toLowerCase()}"}' <@ note.tags`);
|
query.andWhere(`'{"${ps.tag.toLowerCase()}"}' <@ note.tags`);
|
||||||
} else {
|
} else {
|
||||||
let i = 0;
|
let i = 0;
|
||||||
@ -107,7 +108,8 @@ export default define(meta, async (ps, me) => {
|
|||||||
for (const tags of ps.query!) {
|
for (const tags of ps.query!) {
|
||||||
qb.orWhere(new Brackets(qb => {
|
qb.orWhere(new Brackets(qb => {
|
||||||
for (const tag of tags) {
|
for (const tag of tags) {
|
||||||
qb.andWhere(`:tag${i} = ANY(note.tags)`, { [`tag${i}`]: tag.toLowerCase() });
|
if (!safeForSql(tag)) return;
|
||||||
|
qb.andWhere(`'{"${tag.toLowerCase()}"}' <@ note.tags`);
|
||||||
i++;
|
i++;
|
||||||
}
|
}
|
||||||
}));
|
}));
|
||||||
|
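Review bot: In the `ps.query` loop the new `qb.andWhere` interpolates `tag` into the SQL text where the old line bound it as `:tag${i}`, so injection safety now rests entirely on the `safeForSql` check, whose implementation is not shown on this page. If the move to `<@` is meant to let an index on `note.tags` be used (an assumption, the commit does not say), the value can stay bound: keep the original parameter object and change only the fragment to `ARRAY[:tag${i}] <@ note.tags`, adding a cast to the column's array type if Postgres asks for one. Separately, `if (!safeForSql(tag)) return;` leaves the `Brackets` callback part-way through, so a group with a rejected tag is built with fewer conditions than requested, or none, and that can broaden the match or produce an empty bracket rather than rejecting the request. Validating every tag before the query is built would avoid this. The `ps.tag` branch in the previous hunk interpolates in the same way and would benefit from the same binding.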