Sanitize channel id search
This commit is contained in:
parent
caa8cfbc0e
commit
ee2d8f8c5a
@ -80,7 +80,7 @@ class ChannelsApi {
|
|||||||
|
|
||||||
public async $searchChannelsById(search: string): Promise<any[]> {
|
public async $searchChannelsById(search: string): Promise<any[]> {
|
||||||
try {
|
try {
|
||||||
const searchStripped = search.replace('%', '') + '%';
|
const searchStripped = search.replace(/[^0-9x]/g, '') + '%';
|
||||||
const query = `SELECT id, short_id, capacity, status FROM channels WHERE id LIKE ? OR short_id LIKE ? LIMIT 10`;
|
const query = `SELECT id, short_id, capacity, status FROM channels WHERE id LIKE ? OR short_id LIKE ? LIMIT 10`;
|
||||||
const [rows]: any = await DB.query(query, [searchStripped, searchStripped]);
|
const [rows]: any = await DB.query(query, [searchStripped, searchStripped]);
|
||||||
return rows;
|
return rows;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user