From af890590f3b983027c537adac59e743680e42783 Mon Sep 17 00:00:00 2001
From: 0x0ff <0x0ff@onsats.org>
Date: Wed, 28 Dec 2022 11:42:16 +0100
Subject: [PATCH] fix: QueryEvents should skip ids that are not a valid 32 byte hex

---
 storage/postgresql/query.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/storage/postgresql/query.go b/storage/postgresql/query.go
index 8ead377..c7f173e 100644
--- a/storage/postgresql/query.go
+++ b/storage/postgresql/query.go
@@ -32,7 +32,7 @@ func (b PostgresBackend) QueryEvents(filter *nostr.Filter) (events []nostr.Event
 // to prevent sql attack here we will check if
 // these ids are valid 32byte hex
 parsed, err := hex.DecodeString(id)
- if err != nil || len(parsed) <= 32 {
+ if err != nil || len(parsed) != 32 {
 continue
 }
 likeids = append(likeids, fmt.Sprintf("id LIKE '%x%%'", parsed))
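Review bot: With the length check now requiring exactly 32 decoded bytes, the `LIKE '…%'` pattern built on the last line of the hunk can only ever receive a full 64-character id, so the trailing wildcard no longer does anything and any shorter id prefix is silently dropped by the `continue`. If exact matching is the intent, `likeids = append(likeids, fmt.Sprintf("id = '%x'", parsed))` says so directly; if prefix queries are still meant to work, the check would need to be `len(parsed) > 32` instead. The injection safety here rests on interpolating the re-encoded `parsed` bytes rather than the raw `id`, which the comment above the decode should state, e.g. `// only the %x re-encoding of parsed reaches the SQL text, never id itself`; a bind parameter would remove that dependency altogether, assuming the query is executed with an args slice further down. QueryEvents starts and ends outside the hunk, so how an empty `likeids` is handled is not visible here.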