mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-29 09:31:11 -05:00
Made the issues query more secure and simpler
This commit is contained in:
parent
79a1bfd963
commit
b5948f2e71
1 changed files with 5 additions and 16 deletions
|
@ -547,27 +547,16 @@ func Issues(opts *IssuesOptions) ([]*Issue, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
labelIDs := base.StringsToInt64s(strings.Split(opts.Labels, ","))
|
labelIDs := base.StringsToInt64s(strings.Split(opts.Labels, ","))
|
||||||
if len(labelIDs) > 0 {
|
if len(labelIDs) > 1 {
|
||||||
validJoin := false
|
sess.Join("INNER", "issue_label", "issue.id = issue_label.issue_id").In("issue_label.label_id", labelIDs)
|
||||||
queryStr := "issue.id=issue_label.issue_id"
|
|
||||||
for _, id := range labelIDs {
|
|
||||||
if id == 0 {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
validJoin = true
|
|
||||||
queryStr += " AND issue_label.label_id=" + com.ToStr(id)
|
|
||||||
}
|
|
||||||
if validJoin {
|
|
||||||
sess.Join("INNER", "issue_label", queryStr)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if opts.IsMention {
|
if opts.IsMention {
|
||||||
queryStr := "issue.id=issue_user.issue_id AND issue_user.is_mentioned=1"
|
sess.Join("INNER", "issue_user", "issue.id = issue_user.issue_id AND issue_user.is_mentioned = 1")
|
||||||
|
|
||||||
if opts.UserID > 0 {
|
if opts.UserID > 0 {
|
||||||
queryStr += " AND issue_user.uid=" + com.ToStr(opts.UserID)
|
sess.Where("issue_user.uid = ?", opts.UserID)
|
||||||
}
|
}
|
||||||
sess.Join("INNER", "issue_user", queryStr)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
issues := make([]*Issue, 0, setting.IssuePagingNum)
|
issues := make([]*Issue, 0, setting.IssuePagingNum)
|
||||||
|
|
Loading…
Reference in a new issue