Fix search-by-tag (#7531)
* Fix search-by-tag * Revert "Fix search-by-tag" This reverts commit c971d1d5d82f2d8b58fdec76e42f4404339ab83a. * Fix typo * Remove unused var * インジェクションは[]を返すように
This commit is contained in:
parent
7063a6925f
commit
47aaf04481
1 changed files with 19 additions and 16 deletions
|
@ -104,22 +104,25 @@ export default define(meta, async (ps, me) => {
|
||||||
generateVisibilityQuery(query, me);
|
generateVisibilityQuery(query, me);
|
||||||
if (me) generateMutedUserQuery(query, me);
|
if (me) generateMutedUserQuery(query, me);
|
||||||
|
|
||||||
if (ps.tag) {
|
try {
|
||||||
if (!safeForSql(ps.tag)) return;
|
if (ps.tag) {
|
||||||
query.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`);
|
if (!safeForSql(ps.tag)) throw 'Injection';
|
||||||
} else {
|
query.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`);
|
||||||
let i = 0;
|
} else {
|
||||||
query.andWhere(new Brackets(qb => {
|
query.andWhere(new Brackets(qb => {
|
||||||
for (const tags of ps.query!) {
|
for (const tags of ps.query!) {
|
||||||
qb.orWhere(new Brackets(qb => {
|
qb.orWhere(new Brackets(qb => {
|
||||||
for (const tag of tags) {
|
for (const tag of tags) {
|
||||||
if (!safeForSql(tag)) return;
|
if (!safeForSql(tag)) throw 'Injection';
|
||||||
qb.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`);
|
qb.andWhere(`'{"${normalizeForSearch(tag)}"}' <@ note.tags`);
|
||||||
i++;
|
}
|
||||||
}
|
}));
|
||||||
}));
|
}
|
||||||
}
|
}));
|
||||||
}));
|
}
|
||||||
|
} catch (e) {
|
||||||
|
if (e === 'Injection') return [];
|
||||||
|
throw e;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ps.reply != null) {
|
if (ps.reply != null) {
|
||||||
|
|
Loading…
Reference in a new issue