fix(filterValue): fixed sql injection vulnerability

Refs: 3369
Joan Sanchez 2021-11-22 14:40:03 +01:00
parent 02bc848b7e
commit a940d14256
6 changed files with 24 additions and 38 deletions


@ -71,7 +71,7 @@
color: $color-font; color: $color-font;
&::placeholder { &::placeholder {
color: $color-font-bg; color: $color-font-bg-marginal;
} }
&[type=time], &[type=time],
&[type=date], &[type=date],


@ -81,18 +81,21 @@
on-change="itemTag.value = null"> on-change="itemTag.value = null">
</vn-autocomplete> </vn-autocomplete>
<vn-textfield <vn-textfield
ng-show="tag.selection.isFree !== false" ng-show="tag.selection.isFree || tag.selection.isFree == undefined"
vn-id="text" vn-id="text"
label="Value" label="Value"
ng-model="itemTag.value"> ng-model="itemTag.value">
</vn-textfield> </vn-textfield>
<vn-autocomplete <vn-autocomplete
vn-one
ng-show="tag.selection.isFree === false" ng-show="tag.selection.isFree === false"
url="{{$ctrl.getSourceTable(tag.selection)}}" url="{{'Tags/' + itemTag.tagFk + '/filterValue'}}"
search-function="{value: $search}"
label="Value" label="Value"
ng-model="itemTag.value" ng-model="itemTag.value"
show-field="name" show-field="value"
value-field="name"> value-field="value"
rule>
</vn-autocomplete> </vn-autocomplete>
<vn-icon-button <vn-icon-button
vn-none vn-none
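Review bot: The new ng-show expression on the vn-textfield, `tag.selection.isFree || tag.selection.isFree == undefined`, mixes a truthiness test with a loose `== undefined` comparison (which also matches null) and is, for boolean or nullish values, the same condition as the shorter `tag.selection.isFree !== false` it replaces; the same expression is introduced in the second template section of this commit. Since the sibling vn-autocomplete still uses the strict `tag.selection.isFree === false`, keeping the strict form on both keeps the two controls visibly complementary: `ng-show="tag.selection.isFree !== false"`. The enclosing form element starts before this hunk.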


@ -55,18 +55,6 @@ class Controller extends SearchPanel {
this.$.filter = value; this.$.filter = value;
} }
getSourceTable(selection) {
if (!selection || selection.isFree === true)
return null;
if (selection.sourceTable) {
return ''
+ selection.sourceTable.charAt(0).toUpperCase()
+ selection.sourceTable.substring(1) + 's';
} else if (selection.sourceTable == null)
return `ItemTags/filterItemTags/${selection.id}`;
}
removeField(index, field) { removeField(index, field) {
this.fieldFilters.splice(index, 1); this.fieldFilters.splice(index, 1);
this.$.filter[field] = undefined; this.$.filter[field] = undefined;


@ -47,9 +47,14 @@ module.exports = Self => {
const where = filter.where; const where = filter.where;
if (where && where.value) { if (where && where.value) {
stmt.merge(conn.makeWhere({value: {like: `%${where.value}%`}})); stmt.merge(conn.makeWhere({value: {like: `%${where.value}%`}}));
stmt.merge(`
ORDER BY value LIKE '${where.value}' DESC, const newStmt = new ParameterizedSQL(
value LIKE '${where.value}%' DESC`); `ORDER BY value LIKE ? DESC,
value LIKE ? DESC`, [
where.value,
`${where.value}%`
]);
ParameterizedSQL.append(newStmt, stmt);
} }
stmt.merge(conn.makeLimit(filter)); stmt.merge(conn.makeLimit(filter));
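Review bot: `ParameterizedSQL.append(newStmt, stmt)` looks like it has its arguments reversed: if ParameterizedSQL is loopback-connector's class (the require is outside this hunk), append() concatenates its second argument onto its first and returns the first, so the ORDER BY ends up in the discarded `newStmt` and `stmt` is sent without it. The surrounding lines use `stmt.merge(...)`, and `stmt.merge(newStmt);` keeps both the parameter binding and the statement order. Separately, the bound values `where.value` and `${where.value}%` are now safe from SQL injection but still carry any `%`/`_` the caller supplies into the LIKE patterns, so a search for `%` matches and ranks everything; if that matters, escape those two characters before building the patterns. The enclosing method continues outside the hunk.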


@ -72,7 +72,7 @@
</vn-autocomplete> </vn-autocomplete>
<vn-textfield <vn-textfield
vn-one vn-one
ng-show="tag.selection.isFree !== false" ng-show="tag.selection.isFree || tag.selection.isFree == undefined"
vn-id="text" vn-id="text"
label="Value" label="Value"
ng-model="itemTag.value"> ng-model="itemTag.value">
@ -80,11 +80,13 @@
<vn-autocomplete <vn-autocomplete
vn-one vn-one
ng-show="tag.selection.isFree === false" ng-show="tag.selection.isFree === false"
url="{{$ctrl.getSourceTable(tag.selection)}}" url="{{'Tags/' + itemTag.tagFk + '/filterValue'}}"
search-function="{value: $search}"
label="Value" label="Value"
ng-model="itemTag.value" ng-model="itemTag.value"
show-field="name" show-field="value"
value-field="name"> value-field="value"
rule>
</vn-autocomplete> </vn-autocomplete>
<vn-icon-button <vn-icon-button
vn-none vn-none


@ -55,18 +55,6 @@ class Controller extends SearchPanel {
this.$.filter = value; this.$.filter = value;
} }
getSourceTable(selection) {
if (!selection || selection.isFree === true)
return null;
if (selection.sourceTable) {
return ''
+ selection.sourceTable.charAt(0).toUpperCase()
+ selection.sourceTable.substring(1) + 's';
} else if (selection.sourceTable == null)
return `ItemTags/filterItemTags/${selection.id}`;
}
removeField(index, field) { removeField(index, field) {
this.fieldFilters.splice(index, 1); this.fieldFilters.splice(index, 1);
this.$.filter[field] = undefined; this.$.filter[field] = undefined;