mirror of
https://github.com/umami-software/umami.git
synced 2026-02-20 04:25:39 +01:00
Sanitize eventdata.
This commit is contained in:
Brian Cao
parent
509739fc9a
commit
e6a6222088
3 changed files with 35 additions and 12 deletions
|
|
@ -97,6 +97,16 @@ function getTimestampInterval(field) {
|
|||
}
|
||||
}
|
||||
|
||||
function getSanitizedColumns(columns) {
|
||||
return Object.keys(columns).reduce((acc, keyName) => {
|
||||
const sanitizedProperty = keyName.replace(/[^\w\s_]/g, '');
|
||||
|
||||
acc[sanitizedProperty] = columns[keyName];
|
||||
|
||||
return acc;
|
||||
}, {});
|
||||
}
|
||||
|
||||
function getJsonField(column, property, isNumber, params) {
|
||||
const db = getDatabaseType(process.env.DATABASE_URL);
|
||||
|
||||
|
|
@ -113,9 +123,7 @@ function getJsonField(column, property, isNumber, params) {
|
|||
}
|
||||
|
||||
if (db === MYSQL) {
|
||||
params.push(`$.?${params.length}`);
|
||||
|
||||
return `${column} ->> ${params.length}`;
|
||||
return `${column} ->> '$.${property}'`;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -276,6 +284,7 @@ export default {
|
|||
getFilterQuery,
|
||||
getEventDataColumnsQuery,
|
||||
getEventDataFilterQuery,
|
||||
getSanitizedColumns,
|
||||
parseFilters,
|
||||
rawQuery,
|
||||
transaction,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue