Safe work

2014-10-25 07:50:19 -04:00 · 2014-10-25 07:50:19 -04:00 · 83283bca4c
commit 83283bca4c
parent f1d8746264
6 changed files with 40 additions and 16 deletions
--- a/models/issue.go
+++ b/models/issue.go
@ -211,7 +211,10 @@ func GetIssues(uid, rid, pid, mid int64, page int, isClosed bool, labelIds, sort

 	if len(labelIds) > 0 {
 		for _, label := range strings.Split(labelIds, ",") {
-			sess.And("label_ids like '%$" + label + "|%'")
+			// Prevent SQL inject.
+			if com.StrTo(label).MustInt() > 0 {
+				sess.And("label_ids like '%$" + label + "|%'")
+			}
 		}
 	}