Mirrors/stash
1
0
Fork 0
mirror of https://github.com/stashapp/stash.git synced 2025-12-17 04:14:39 +03:00
Code Issues Packages Projects Releases Wiki Activity

Use parameter binding for all queries

Browse Source
This commit is contained in:
Infinite
2020-02-29 16:18:59 +01:00
parent 97ab40595e
commit 716c33fc8e
6 changed files with 15 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/models/querybuilder_gallery.go
View File

@@ -119,7 +119,9 @@ func (qb *GalleryQueryBuilder) Query(findFilter *FindFilterType) ([]*Gallery, in
if q := findFilter.Q; q != nil && *q != "" { if q := findFilter.Q; q != nil && *q != "" {
searchColumns := []string{"galleries.path", "galleries.checksum"} searchColumns := []string{"galleries.path", "galleries.checksum"}
whereClauses = append(whereClauses, getSearch(searchColumns, *q)) clause, thisArgs := getSearchBinding(searchColumns, *q, false)
whereClauses = append(whereClauses, clause)
args = append(args, thisArgs...)
} }
sortAndPagination := qb.getGallerySort(findFilter) + getPagination(findFilter) sortAndPagination := qb.getGallerySort(findFilter) + getPagination(findFilter)

4
pkg/models/querybuilder_scene.go
View File

@@ -221,7 +221,9 @@ func (qb *SceneQueryBuilder) Query(sceneFilter *SceneFilterType, findFilter *Fin
if q := findFilter.Q; q != nil && *q != "" { if q := findFilter.Q; q != nil && *q != "" {
searchColumns := []string{"scenes.title", "scenes.details", "scenes.path", "scenes.checksum", "scene_markers.title"} searchColumns := []string{"scenes.title", "scenes.details", "scenes.path", "scenes.checksum", "scene_markers.title"}
whereClauses = append(whereClauses, getSearch(searchColumns, *q)) clause, thisArgs := getSearchBinding(searchColumns, *q, false)
whereClauses = append(whereClauses, clause)
args = append(args, thisArgs...)
} }
if rating := sceneFilter.Rating; rating != nil { if rating := sceneFilter.Rating; rating != nil {

4
pkg/models/querybuilder_scene_marker.go
View File

@@ -227,7 +227,9 @@ func (qb *SceneMarkerQueryBuilder) Query(sceneMarkerFilter *SceneMarkerFilterTyp
if q := findFilter.Q; q != nil && *q != "" { if q := findFilter.Q; q != nil && *q != "" {
searchColumns := []string{"scene_markers.title", "scene.title"} searchColumns := []string{"scene_markers.title", "scene.title"}
whereClauses = append(whereClauses, getSearch(searchColumns, *q)) clause, thisArgs := getSearchBinding(searchColumns, *q, false)
whereClauses = append(whereClauses, clause)
args = append(args, thisArgs...)
} }
if tagID := sceneMarkerFilter.TagID; tagID != nil { if tagID := sceneMarkerFilter.TagID; tagID != nil {

23
pkg/models/querybuilder_sql.go
View File

@@ -137,29 +137,6 @@ func getRandomSort(tableName string, direction string, seed float64) string {
return " ORDER BY " + "(substr(" + colName + " * " + randomSortString + ", length(" + colName + ") + 2))" + " " + direction return " ORDER BY " + "(substr(" + colName + " * " + randomSortString + ", length(" + colName + ") + 2))" + " " + direction
} }
func getSearch(columns []string, q string) string {
// TODO - susceptible to SQL injection
var likeClauses []string
queryWords := strings.Split(q, " ")
trimmedQuery := strings.Trim(q, "\"")
if trimmedQuery == q {
// Search for any word
for _, word := range queryWords {
for _, column := range columns {
likeClauses = append(likeClauses, column+" LIKE '%"+word+"%'")
}
}
} else {
// Search the exact query
for _, column := range columns {
likeClauses = append(likeClauses, column+" LIKE '%"+trimmedQuery+"%'")
}
}
likes := strings.Join(likeClauses, " OR ")
return "(" + likes + ")"
}
func getSearchBinding(columns []string, q string, not bool) (string, []interface{}) { func getSearchBinding(columns []string, q string, not bool) (string, []interface{}) {
var likeClauses []string var likeClauses []string
var args []interface{} var args []interface{}

4
pkg/models/querybuilder_studio.go
View File

@@ -108,7 +108,9 @@ func (qb *StudioQueryBuilder) Query(findFilter *FindFilterType) ([]*Studio, int)
if q := findFilter.Q; q != nil && *q != "" { if q := findFilter.Q; q != nil && *q != "" {
searchColumns := []string{"studios.name"} searchColumns := []string{"studios.name"}
whereClauses = append(whereClauses, getSearch(searchColumns, *q)) clause, thisArgs := getSearchBinding(searchColumns, *q, false)
whereClauses = append(whereClauses, clause)
args = append(args, thisArgs...)
} }
sortAndPagination := qb.getStudioSort(findFilter) + getPagination(findFilter) sortAndPagination := qb.getStudioSort(findFilter) + getPagination(findFilter)

4
pkg/models/querybuilder_tag.go
View File

@@ -147,7 +147,9 @@ func (qb *TagQueryBuilder) Query(findFilter *FindFilterType) ([]*Tag, int) {
if q := findFilter.Q; q != nil && *q != "" { if q := findFilter.Q; q != nil && *q != "" {
searchColumns := []string{"tags.name"} searchColumns := []string{"tags.name"}
whereClauses = append(whereClauses, getSearch(searchColumns, *q)) clause, thisArgs := getSearchBinding(searchColumns, *q, false)
whereClauses = append(whereClauses, clause)
args = append(args, thisArgs...)
} }
sortAndPagination := qb.getTagSort(findFilter) + getPagination(findFilter) sortAndPagination := qb.getTagSort(findFilter) + getPagination(findFilter)