watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-12 08:37:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Cherry pick prisma query protection.

Browse source
This commit is contained in:
Brian Cao 2023-01-12 11:29:37 -08:00
parent 4c202741c2
commit 9a7385e4d5
9 changed files with 68 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

10
queries/analytics/event/getEventData.ts
View file

@ -38,17 +38,17 @@ async function relationalQuery(
},
) {
const { startDate, endDate, eventName, columns, filters } = data;
const { rawQuery, getEventDataColumnsQuery, getEventDataFilterQuery } = prisma;
const params = [startDate, endDate];
const { toUuid, rawQuery, getEventDataColumnsQuery, getEventDataFilterQuery } = prisma;
const params: any = [websiteId, startDate, endDate, eventName];
return rawQuery(
`select
${getEventDataColumnsQuery('event_data', columns)}
from website_event
where website_id ='${websiteId}'
and created_at between $1 and $2
where website_id = $1${toUuid()}
and created_at between $2 and $3
and event_type = ${EVENT_TYPE.customEvent}
${eventName ? `and eventName = ${eventName}` : ''}
${eventName ? `and eventName = $4` : ''}
${
Object.keys(filters).length > 0
? `and ${getEventDataFilterQuery('event_data', filters)}`