fix: 🔒 improve tag search security

2025-03-04 07:18:50 -07:00 · 2023-02-04 12:38:46 -08:00 · 2023-02-04 12:38:46 -08:00 · 4073b746b4
commit 4073b746b4
parent 06ee523871
1 changed files with 2 additions and 2 deletions
--- a/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts
+++ b/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts
@ -93,7 +93,7 @@ export default define(meta, paramDef, async (ps, me) => {

 	try {
 		if (ps.tag) {
-			if (!safeForSql(ps.tag)) throw new Error("Injection");
+			if (!safeForSql(normalizeForSearch(ps.tag))) throw 'Injection';
 			query.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`);
 		} else {
 			query.andWhere(
@ -102,7 +102,7 @@ export default define(meta, paramDef, async (ps, me) => {
 						qb.orWhere(
 							new Brackets((qb) => {
 								for (const tag of tags) {
-									if (!safeForSql(tag)) throw new Error("Injection");
+									if (!safeForSql(normalizeForSearch(ps.tag))) throw 'Injection';
 									qb.andWhere(`'{"${normalizeForSearch(tag)}"}' <@ note.tags`);
 								}
 							}),