Diffstat (limited to 'models/issue.go')
-rw-r--r-- | models/issue.go | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/models/issue.go b/models/issue.go
index f16c2e256d..8004647c72 100644
--- a/models/issue.go
+++ b/models/issue.go
@@ -211,7 +211,10 @@ func GetIssues(uid, rid, pid, mid int64, page int, isClosed bool, labelIds, sort
 if len(labelIds) > 0 {
 for _, label := range strings.Split(labelIds, ",") {
- sess.And("label_ids like '%$" + label + "|%'")
+ // Prevent SQL inject.
+ if com.StrTo(label).MustInt() > 0 {
+ sess.And("label_ids like '%$" + label + "|%'")
+ }
 }
 }
|
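Review bot: The added `if com.StrTo(label).MustInt() > 0` check validates `label`, but the query is still built by concatenating the raw string, so its safety depends entirely on how `MustInt` treats malformed input (signs, overflow, discarded parse errors), which is not visible in this hunk. Binding the value removes that dependency: `sess.And("label_ids like ?", "%$"+label+"|%")`, assuming `sess` is an xorm-style session whose `And` accepts bind arguments. Labels that fail the check are skipped silently, so a request with a malformed `labelIds` gets a less-filtered result instead of an error; a comment stating that this is intended would help, and the existing comment should read `// Prevent SQL injection.`. GetIssues begins and ends outside this hunk, so any other string-built conditions in it are not covered by this note.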