From bc80944f269715209f2b2acf8749a501de2de962 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=BA=90=E6=96=87=E9=9B=A8?= <41315874+fumiama@users.noreply.github.com>
Date: Wed, 9 Nov 2022 21:11:23 +0800
Subject: [PATCH] fix: possible sql inject

---
 db/sqlite3/sqlite3.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/db/sqlite3/sqlite3.go b/db/sqlite3/sqlite3.go
index a6b6a3b..bd6822d 100644
--- a/db/sqlite3/sqlite3.go
+++ b/db/sqlite3/sqlite3.go
@@ -180,10 +180,13 @@ func (s *database) GetPrivateMessageByGlobalID(id int32) (*db.StoredPrivateMessa
 }
 
 func (s *database) GetGuildChannelMessageByID(id string) (*db.StoredGuildChannelMessage, error) {
-	_, err := base64.StdEncoding.DecodeString(id)
+	b, err := base64.StdEncoding.DecodeString(id)
 	if err != nil {
 		return nil, errors.Wrap(err, "query invalid id error")
 	}
+	if len(b) < 25 {
+		return nil, errors.New("query invalid id error: content too short")
+	}
 	var ret db.StoredGuildChannelMessage
 	var guildmsg StoredGuildChannelMessage
 	s.RLock()
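Review bot: The new guard `if len(b) < 25` rejects short ids with an unexplained magic number and only a lower bound, while the commit title promises a SQL-injection fix; nothing in the hunk shows what the decoded bytes feed into, so the link between this 25-byte floor and the query should be stated where the check sits. Name the constant and record the assumption rather than leaving a bare literal, e.g. `const minGuildChannelMsgIDLen = 25 // presumably the decoded id is read at fixed offsets further down — confirm against that code` and `if len(b) < minGuildChannelMsgIDLen {`. If the body does parse fixed offsets, consider whether an exact-length check (`!=`) is the real contract, since a decoded value longer than expected still passes this guard. The untrusted `id` is validated only by base64 decode plus this length check; anything that later builds a statement from it should be parameterized, which this hunk cannot confirm. The rest of GetGuildChannelMessageByID continues outside the hunk.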