mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-22 10:15:35 +01:00
fix quota dao sql injection
Signed-off-by: Wang Yan <wangyan@vmware.com>
parent
21d35f9702
commit
496a178eb3
@ -17,6 +17,7 @@ package dao
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"github.com/lib/pq"
|
||||
"strings"
|
||||
|
||||
"github.com/goharbor/harbor/src/lib/orm"
|
||||
@ -104,7 +105,7 @@ func listOrderBy(query *q.Query) string {
|
||||
if strings.HasPrefix(sort, prefix) {
|
||||
resource := strings.TrimPrefix(sort, prefix)
|
||||
if types.IsValidResource(types.ResourceName(resource)) {
|
||||
field := fmt.Sprintf("%s->>'%s'", strings.TrimSuffix(prefix, "."), resource)
|
||||
field := fmt.Sprintf("%s->>%s", strings.TrimSuffix(prefix, "."), pq.QuoteLiteral(resource))
|
||||
orderBy = fmt.Sprintf("(%s) %s", castQuantity(field), order)
|
||||
break
|
||||
}
|
||||
|
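Review bot: The ORDER BY fragment in listOrderBy is still assembled with `fmt.Sprintf`, so after this change `pq.QuoteLiteral(resource)` is the only escaping visible here between the caller-supplied sort key and the SQL text; `types.IsValidResource` is not shown and should be confirmed to be a strict allowlist rather than a loose check. `order` is also formatted into `orderBy` unquoted, and its origin lies outside the hunk, so it should be confirmed to take only the fixed values `ASC` and `DESC`. I would add a comment above the new `field :=` line, such as `// resource comes from the request's sort key; quote it as a literal before it reaches ORDER BY`, and a regression test that passes a sort key containing a single quote. Separately, in the import hunk `"github.com/lib/pq"` sits between `"fmt"` and `"strings"`; it belongs in the third-party group beside the harbor imports. The body of listOrderBy starts and ends outside the hunk.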