Closed Samuel-Jobb closed 9 months ago
I have identified an escape issue that could lead to SQL injections.
The following code within lib/misc/utils.js:
```js
// to permit working with reserved words
if (value.match(/^`.+`$/g)) {
  // already escaped
  return value;
}
```
Could lead to SQL injections by using the following or similar input:
`table`; DROP TABLE `table`; -- `
Example usage:
```js
const result = escapeId("`table`; DROP TABLE `table`; -- `");
console.log(result); // "`table`; DROP TABLE `table`; -- `"
```
Expected result should be
```table``; DROP TABLE ``table``; -- ```
and not
This is because the regex you're using doesn't properly escape this and assumes it is already escaped, which it isn't.
The simplest fix would be just to remove this if statement and always escape the input no matter what.
Right, this will be released quickly in the next version.
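The report above, as an added example that is not part of the original thread or the library's code: `escapeIdWithShortcut` and `escapeIdAlways` are hypothetical reconstructions of the behaviour with and without the "already escaped" check, and `isSingleQuotedIdentifier` is a hypothetical helper that checks whether the output is still exactly one backtick-quoted identifier.

```javascript
// Added example, not the library's code: both escape functions are
// hypothetical reconstructions of the behaviour described in the issue.

// Shortcut from the issue: anything that starts and ends with a backtick
// is assumed to be already escaped and is returned untouched.
function escapeIdWithShortcut(value) {
  if (value.match(/^`.+`$/g)) {
    return value; // "already escaped" (the flawed assumption)
  }
  return "`" + value.replace(/`/g, "``") + "`";
}

// Suggested fix: no shortcut, always double embedded backticks and wrap.
function escapeIdAlways(value) {
  return "`" + value.replace(/`/g, "``") + "`";
}

// Checks that `sql` is exactly one backtick-quoted identifier: an opening
// backtick, content in which every backtick is doubled, and a closing
// backtick at the very end of the string.
function isSingleQuotedIdentifier(sql) {
  if (sql.length < 2 || sql[0] !== "`") return false;
  let i = 1;
  while (i < sql.length) {
    if (sql[i] !== "`") { i += 1; continue; }
    if (sql[i + 1] === "`") { i += 2; continue; } // escaped backtick
    return i === sql.length - 1; // closing quote must be the last character
  }
  return false; // quote never closed
}

// Input taken from the issue.
const payload = "`table`; DROP TABLE `table`; -- `";

function demo() {
  return [escapeIdWithShortcut, escapeIdAlways].map((fn) => {
    const out = fn(payload);
    return { fn: fn.name, out, singleIdentifier: isSingleQuotedIdentifier(out) };
  });
}

console.log(demo());
```

With the shortcut removed, a caller that passes an already quoted name such as `` `table` `` gets its backticks treated as part of the name, so callers should pass raw identifiers only.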