verdnatura/salix
verdnatura
/
salix
3
4
Fork 0
Code Issues Pull Requests 59 Releases Wiki Activity

fix(filterValue): fixed sql injection vulnerability
gitea/salix/pipeline/head There was a failure building this commit Details 

Refs: 3369
This commit is contained in:
Joan Sanchez 2021-11-22 14:40:03 +01:00
parent 02bc848b7e
commit a940d14256
6 changed files with 24 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
front/core/components/field/style.scss
View File

@ -71,7 +71,7 @@
color: $color-font;
&::placeholder {
color: $color-font-bg;
color: $color-font-bg-marginal;
}
&[type=time],
&[type=date],

11
modules/entry/front/latest-buys-search-panel/index.html
View File

@ -81,18 +81,21 @@
on-change="itemTag.value = null">
</vn-autocomplete>
<vn-textfield
ng-show="tag.selection.isFree !== false"
ng-show="tag.selection.isFree || tag.selection.isFree == undefined"
vn-id="text"
label="Value"
ng-model="itemTag.value">
</vn-textfield>
<vn-autocomplete
vn-one
ng-show="tag.selection.isFree === false"
url="{{$ctrl.getSourceTable(tag.selection)}}"
url="{{'Tags/' + itemTag.tagFk + '/filterValue'}}"
search-function="{value: $search}"
label="Value"
ng-model="itemTag.value"
show-field="name"
value-field="name">
show-field="value"
value-field="value"
rule>
</vn-autocomplete>
<vn-icon-button
vn-none

12
modules/entry/front/latest-buys-search-panel/index.js
View File

@ -55,18 +55,6 @@ class Controller extends SearchPanel {
this.$.filter = value;
}
getSourceTable(selection) {
if (!selection || selection.isFree === true)
return null;
if (selection.sourceTable) {
return ''
+ selection.sourceTable.charAt(0).toUpperCase()
+ selection.sourceTable.substring(1) + 's';
} else if (selection.sourceTable == null)
return `ItemTags/filterItemTags/${selection.id}`;
}
removeField(index, field) {
this.fieldFilters.splice(index, 1);
this.$.filter[field] = undefined;

11
modules/item/back/methods/tag/filterValue.js
View File

@ -47,9 +47,14 @@ module.exports = Self => {
const where = filter.where;
if (where && where.value) {
stmt.merge(conn.makeWhere({value: {like: `%${where.value}%`}}));
stmt.merge(`
ORDER BY value LIKE '${where.value}' DESC,
value LIKE '${where.value}%' DESC`);
const newStmt = new ParameterizedSQL(
`ORDER BY value LIKE ? DESC,
value LIKE ? DESC`, [
where.value,
`${where.value}%`
]);
ParameterizedSQL.append(newStmt, stmt);
}
stmt.merge(conn.makeLimit(filter));

10
modules/item/front/search-panel/index.html
View File

@ -72,7 +72,7 @@
</vn-autocomplete>
<vn-textfield
vn-one
ng-show="tag.selection.isFree !== false"
ng-show="tag.selection.isFree || tag.selection.isFree == undefined"
vn-id="text"
label="Value"
ng-model="itemTag.value">
@ -80,11 +80,13 @@
<vn-autocomplete
vn-one
ng-show="tag.selection.isFree === false"
url="{{$ctrl.getSourceTable(tag.selection)}}"
url="{{'Tags/' + itemTag.tagFk + '/filterValue'}}"
search-function="{value: $search}"
label="Value"
ng-model="itemTag.value"
show-field="name"
value-field="name">
show-field="value"
value-field="value"
rule>
</vn-autocomplete>
<vn-icon-button
vn-none

12
modules/item/front/search-panel/index.js
View File

@ -55,18 +55,6 @@ class Controller extends SearchPanel {
this.$.filter = value;
}
getSourceTable(selection) {
if (!selection || selection.isFree === true)
return null;
if (selection.sourceTable) {
return ''
+ selection.sourceTable.charAt(0).toUpperCase()
+ selection.sourceTable.substring(1) + 's';
} else if (selection.sourceTable == null)
return `ItemTags/filterItemTags/${selection.id}`;
}
removeField(index, field) {
this.fieldFilters.splice(index, 1);
this.$.filter[field] = undefined;