Merge branch 'develop'
This commit is contained in:
commit
9d84214462
4 changed files with 15 additions and 3 deletions
|
@ -9,6 +9,11 @@
|
||||||
You should also include the user name that made the change.
|
You should also include the user name that made the change.
|
||||||
-->
|
-->
|
||||||
|
|
||||||
|
## 13.3.3 (2023/02/04)
|
||||||
|
|
||||||
|
### Bugfixes
|
||||||
|
- Server: improve security
|
||||||
|
|
||||||
## 13.3.2 (2023/02/04)
|
## 13.3.2 (2023/02/04)
|
||||||
|
|
||||||
### Improvements
|
### Improvements
|
||||||
|
|
|
@ -1023,17 +1023,23 @@ _achievements:
|
||||||
title: "定期联系Ⅲ"
|
title: "定期联系Ⅲ"
|
||||||
description: "总登录天数400天"
|
description: "总登录天数400天"
|
||||||
_login500:
|
_login500:
|
||||||
|
title: "老熟人Ⅰ"
|
||||||
description: "总登录天数500天"
|
description: "总登录天数500天"
|
||||||
flavor: "诸君,我喜欢贴文"
|
flavor: "诸君,我喜欢贴文"
|
||||||
_login600:
|
_login600:
|
||||||
|
title: "老熟人Ⅱ"
|
||||||
description: "总登录天数600天"
|
description: "总登录天数600天"
|
||||||
_login700:
|
_login700:
|
||||||
|
title: "老熟人Ⅲ"
|
||||||
description: "总登录天数700天"
|
description: "总登录天数700天"
|
||||||
_login800:
|
_login800:
|
||||||
|
title: "帖子大师Ⅰ"
|
||||||
description: "总登录天数800天"
|
description: "总登录天数800天"
|
||||||
_login900:
|
_login900:
|
||||||
|
title: "帖子大师Ⅱ"
|
||||||
description: "总登录天数900天"
|
description: "总登录天数900天"
|
||||||
_login1000:
|
_login1000:
|
||||||
|
title: "帖子大师Ⅲ"
|
||||||
description: "总登录天数1000天"
|
description: "总登录天数1000天"
|
||||||
flavor: "感谢您使用Misskey!"
|
flavor: "感谢您使用Misskey!"
|
||||||
_noteClipped1:
|
_noteClipped1:
|
||||||
|
@ -1086,6 +1092,7 @@ _achievements:
|
||||||
title: "信号塔"
|
title: "信号塔"
|
||||||
description: "拥有超过500名关注者"
|
description: "拥有超过500名关注者"
|
||||||
_followers1000:
|
_followers1000:
|
||||||
|
title: "大影响家"
|
||||||
description: "拥有超过1000名关注者"
|
description: "拥有超过1000名关注者"
|
||||||
_collectAchievements30:
|
_collectAchievements30:
|
||||||
title: "成就收藏家"
|
title: "成就收藏家"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "misskey",
|
"name": "misskey",
|
||||||
"version": "13.3.2",
|
"version": "13.3.3",
|
||||||
"codename": "nasubi",
|
"codename": "nasubi",
|
||||||
"repository": {
|
"repository": {
|
||||||
"type": "git",
|
"type": "git",
|
||||||
|
|
|
@ -95,14 +95,14 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
if (ps.tag) {
|
if (ps.tag) {
|
||||||
if (!safeForSql(ps.tag)) throw 'Injection';
|
if (!safeForSql(normalizeForSearch(ps.tag))) throw 'Injection';
|
||||||
query.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`);
|
query.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`);
|
||||||
} else {
|
} else {
|
||||||
query.andWhere(new Brackets(qb => {
|
query.andWhere(new Brackets(qb => {
|
||||||
for (const tags of ps.query!) {
|
for (const tags of ps.query!) {
|
||||||
qb.orWhere(new Brackets(qb => {
|
qb.orWhere(new Brackets(qb => {
|
||||||
for (const tag of tags) {
|
for (const tag of tags) {
|
||||||
if (!safeForSql(tag)) throw 'Injection';
|
if (!safeForSql(normalizeForSearch(tag))) throw 'Injection';
|
||||||
qb.andWhere(`'{"${normalizeForSearch(tag)}"}' <@ note.tags`);
|
qb.andWhere(`'{"${normalizeForSearch(tag)}"}' <@ note.tags`);
|
||||||
}
|
}
|
||||||
}));
|
}));
|
||||||
|
|
Loading…
Reference in a new issue