Simon/siyuan
1
0
Fork 0
mirror of https://github.com/siyuan-note/siyuan.git synced 2026-06-28 14:56:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
3071ad22d4a27cae4a2d53cf4881989198e94e1d
siyuan/kernel
History
Qiaochu Hu 3071ad22d4 🔒 Use parameterized queries in putStat to prevent SQL injection (#17658) 
The putStat function in kernel/sql/stat.go was building SQL queries
via string concatenation instead of using parameterized queries.
While currently only called with hardcoded internal values, this is
a defense-in-depth improvement that prevents future SQL injection
if the function is ever called with user-controlled input.

The execStmtTx helper already supports variadic args, so this is
a straightforward change to use ? placeholders.

Co-authored-by: Test User <test@example.com>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-10 19:24:21 +08:00
..
api
🎨 Harden RPC handling and improve error reporting in kernel plugin (#17655)
2026-05-09 19:38:54 +08:00
av
♻️ Replace interface{} with any (#17415)
2026-04-05 16:48:32 +08:00
bazaar
Support kernel plugin system (#17487)
2026-05-09 11:26:37 +08:00
cache
🎨 https://github.com/siyuan-note/siyuan/issues/17549
2026-04-20 11:32:41 +08:00
cmd
♻️ Replace interface{} with any (#17415)
2026-04-05 16:48:32 +08:00
conf
Shorthands on mobile https://github.com/siyuan-note/siyuan/issues/14414
2026-05-09 18:33:19 +08:00
filesys
🎨 Add a return value needFix to the removeUnescapedUnicodeNull function (#17579)
2026-04-23 11:47:36 +08:00
harmony
Shorthands on HarmonyOS https://github.com/siyuan-note/siyuan/issues/17654
2026-05-10 13:46:42 +08:00
job
🎨 Improve text https://github.com/siyuan-note/siyuan/issues/14414
2026-05-10 15:36:29 +08:00
mobile
Shorthands on mobile https://github.com/siyuan-note/siyuan/issues/14414
2026-05-09 18:33:19 +08:00
model
🎨 Improve text https://github.com/siyuan-note/siyuan/issues/14414
2026-05-10 15:36:29 +08:00
plugin
🎨 Harden RPC handling and improve error reporting in kernel plugin (#17655)
2026-05-09 19:38:54 +08:00
resource
search
♻️ kernel/search/find: modernize with wg.Go (#17289)
2026-03-21 11:53:41 +08:00
server
🔒 Fix path traversal vulnerability in /repo/diff/ endpoint (#17657)
2026-05-10 19:20:31 +08:00
sql
🔒 Use parameterized queries in putStat to prevent SQL injection (#17658)
2026-05-10 19:24:21 +08:00
task
♻️ Replace interface{} with any (#17415)
2026-04-05 16:48:32 +08:00
testdata
treenode
🎨 https://github.com/siyuan-note/siyuan/issues/17592
2026-04-29 09:28:35 +08:00
util
Shorthands on mobile https://github.com/siyuan-note/siyuan/issues/14414
2026-05-09 18:33:19 +08:00
entrypoint.sh
🎨 Support SIYUAN_WORKSPACE_PATH in Docker (#14286)
2025-03-05 17:24:27 +08:00
go.mod
Support kernel plugin system (#17487)
2026-05-09 11:26:37 +08:00
go.sum
Support kernel plugin system (#17487)
2026-05-09 11:26:37 +08:00
main.go
Support kernel plugin system (#17487)
2026-05-09 11:26:37 +08:00
versioninfo.json
🎨 Improve kernel program meta props
2025-10-04 14:15:03 +08:00