diff options
| author | Unknwon <joe2010xtmf@163.com> | 2014-10-25 07:50:19 -0400 |
|---|---|---|
| committer | Unknwon <joe2010xtmf@163.com> | 2014-10-25 07:50:19 -0400 |
| commit | 83283bca4cb4e0f4ec48a28af680f0d88db3d2c8 (patch) | |
| tree | 665b81c242a4d92811568367eb53dc3ba5eb1247 /models/issue.go | |
| parent | f1d87462642aa0ab4ce61e8a285e3a288b4dc119 (diff) | |
| download | gitea-83283bca4cb4e0f4ec48a28af680f0d88db3d2c8.tar.gz gitea-83283bca4cb4e0f4ec48a28af680f0d88db3d2c8.zip | |
Safe work
Diffstat (limited to 'models/issue.go')
| -rw-r--r-- | models/issue.go | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/models/issue.go b/models/issue.go index f16c2e256d..8004647c72 100644 --- a/models/issue.go +++ b/models/issue.go @@ -211,7 +211,10 @@ func GetIssues(uid, rid, pid, mid int64, page int, isClosed bool, labelIds, sort if len(labelIds) > 0 { for _, label := range strings.Split(labelIds, ",") { - sess.And("label_ids like '%$" + label + "|%'") + // Prevent SQL inject. + if com.StrTo(label).MustInt() > 0 { + sess.And("label_ids like '%$" + label + "|%'") + } } } |