shkong/go-cqhttp
1
0
Fork 0
mirror of https://github.com/Mrs4s/go-cqhttp.git synced 2025-05-04 19:17:37 +08:00
Code Issues Projects Releases Wiki Activity

fix: possible sql inject

Browse Source
This commit is contained in:
源文雨 2022-11-09 21:11:23 +08:00
parent fc51a69ff1
commit bc80944f26
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
db/sqlite3/sqlite3.go
View File

@ -180,10 +180,13 @@ func (s *database) GetPrivateMessageByGlobalID(id int32) (*db.StoredPrivateMessa
} }
func (s *database) GetGuildChannelMessageByID(id string) (*db.StoredGuildChannelMessage, error) { func (s *database) GetGuildChannelMessageByID(id string) (*db.StoredGuildChannelMessage, error) {
_, err := base64.StdEncoding.DecodeString(id) b, err := base64.StdEncoding.DecodeString(id)
if err != nil { if err != nil {
return nil, errors.Wrap(err, "query invalid id error") return nil, errors.Wrap(err, "query invalid id error")
} }
if len(b) < 25 {
return nil, errors.New("query invalid id error: content too short")
}
var ret db.StoredGuildChannelMessage var ret db.StoredGuildChannelMessage
var guildmsg StoredGuildChannelMessage var guildmsg StoredGuildChannelMessage
s.RLock() s.RLock()