fix(backend): SQLのサニタイズを強化 (#14920)

kakkokari-gtyih · u1-liquid · web-flow · commit 98b4717c45a5 · 2024-11-09T10:51:28.000+09:00
* Fix code scanning alert no. 28: Incomplete string escaping or encoding (MisskeyIO#800) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> (cherry picked from commit 443335c) * ✌️ --------- Co-authored-by: あわわわとーにゅ <17376330+u1-liquid@users.noreply.github.com>
diff --git a/packages/backend/src/misc/sql-like-escape.ts b/packages/backend/src/misc/sql-like-escape.ts
@@ -4,5 +4,5 @@
  */
 
 export function sqlLikeEscape(s: string) {
-	return s.replace(/([%_])/g, '\\$1');
+	return s.replace(/([\\%_])/g, '\\$1');
 }

Original file line number	Diff line number	Diff line change
`@@ -4,5 +4,5 @@`
`4`	`4`	`*/`
`5`	`5`
`6`	`6`	`export function sqlLikeEscape(s: string) {`
`7`		`- return s.replace(/([%_])/g, '\\$1');`
	`7`	`+ return s.replace(/([\\%_])/g, '\\$1');`
`8`	`8`	`}`