fix: remove sql injection

Deluan
2020-03-25 20:33:32 -04:00
committed by Deluan Quintão
parent dc973ae670
commit 5331732236
5 changed files with 43 additions and 11 deletions
+7 -4
@@ -35,10 +35,13 @@ func NewAlbumRepository(ctx context.Context, o orm.Ormer) model.AlbumRepository
}
func artistFilter(field string, value interface{}) Sqlizer {
return Or{
exist("from media_file where album.id = media_file.album_id and media_file.artist_id='" + value.(string) + "'"),
exist("from media_file where album.id = media_file.album_id and media_file.album_artist_id='" + value.(string) + "'"),
}
return Exists("media_file", And{
ConcatExpr("album_id=album.id"),
Or{
Eq{"artist_id": value},
Eq{"album_artist_id": value},
},
})
}
func (r *albumRepository) CountAll(options ...model.QueryOptions) (int64, error) {
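Review bot: In the new `artistFilter`, `value` is handed to `Eq` as a bare `interface{}`, so the `value.(string)` assertion the old code relied on is gone and nothing pins the filter to a single ID any more. If `Eq` here is squirrel's (the unqualified `Sqlizer`, `Or` and `Eq` suggest a dot import), a slice would render as `IN (...)` and nil as `IS NULL`, which widens what a caller-supplied filter can match. I would keep the type narrow with `id, _ := value.(string)` and build `Eq{"artist_id": id}` and `Eq{"album_artist_id": id}` from it, so a non-string value matches nothing. The `ConcatExpr("album_id=album.id")` fragment is still raw SQL, so a comment such as `// constant correlation clause; never build this string from request data` would help keep it that way.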