highperfocused/khatru
1
0
Fork 0
mirror of https://github.com/fiatjaf/khatru.git synced 2026-04-26 23:08:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: QueryEvents should skip ids that are not a valid 32 byte hex

Browse Source
This commit is contained in:
0x0ff
2022-12-28 11:42:16 +01:00
committed by fiatjaf
parent f2ab8020a8
commit af890590f3
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
storage/postgresql/query.go
View File

@@ -32,7 +32,7 @@ func (b PostgresBackend) QueryEvents(filter *nostr.Filter) (events []nostr.Event
// to prevent sql attack here we will check if
// these ids are valid 32byte hex
parsed, err := hex.DecodeString(id)
if err != nil || len(parsed) <= 32 {
if err != nil || len(parsed) != 32 {
continue
}
likeids = append(likeids, fmt.Sprintf("id LIKE '%x%%'", parsed))