machankura/mempool
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sanitize channel id search

Browse Source
This commit is contained in:
softsimon 2023-07-24 13:21:06 +09:00
parent caa8cfbc0e
commit ee2d8f8c5a
No known key found for this signature in database
GPG Key ID: 488D7DCFB5A430D7
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
backend/src/api/explorer/channels.api.ts
View File

@ -80,7 +80,7 @@ class ChannelsApi {
public async $searchChannelsById(search: string): Promise<any[]> { public async $searchChannelsById(search: string): Promise<any[]> {
try { try {
const searchStripped = search.replace('%', '') + '%'; const searchStripped = search.replace(/[^0-9x]/g, '') + '%';
const query = `SELECT id, short_id, capacity, status FROM channels WHERE id LIKE ? OR short_id LIKE ? LIMIT 10`; const query = `SELECT id, short_id, capacity, status FROM channels WHERE id LIKE ? OR short_id LIKE ? LIMIT 10`;
const [rows]: any = await DB.query(query, [searchStripped, searchStripped]); const [rows]: any = await DB.query(query, [searchStripped, searchStripped]);
return rows; return rows;