siyuan/kernel/sql at 3071ad22d4a27cae4a2d53cf4881989198e94e1d - siyuan - Gitea: Git with a cup of tea

Simon/siyuan

mirror of https://github.com/siyuan-note/siyuan.git synced 2026-06-29 07:15:48 +00:00

Files

History

Qiaochu Hu 3071ad22d4 🔒 Use parameterized queries in putStat to prevent SQL injection (#17658 )

The putStat function in kernel/sql/stat.go was building SQL queries
via string concatenation instead of using parameterized queries.
While currently only called with hardcoded internal values, this is
a defense-in-depth improvement that prevents future SQL injection
if the function is ever called with user-controlled input.

The execStmtTx helper already supports variadic args, so this is
a straightforward change to use ? placeholders.

Co-authored-by: Test User <test@example.com>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-10 19:24:21 +08:00

..

asset_content_query.go

♻️ Replace interface{} with any (#17415 )

2026-04-05 16:48:32 +08:00

asset_content.go

♻️ Replace interface{} with any (#17415 )

2026-04-05 16:48:32 +08:00

asset.go

♻️ Code style: unused function (#17307 )

2026-03-22 12:19:44 +08:00

attribute.go

🎨 Update slogan Refactor your thinking https://github.com/siyuan-note/siyuan/issues/8608

2023-06-24 20:39:55 +08:00

av_gallery.go

🐛 Images in the database assets fields are not displaying https://github.com/siyuan-note/siyuan/issues/17368

2026-03-31 22:05:01 +08:00

av_kanban.go

🐛 Images in the database assets fields are not displaying https://github.com/siyuan-note/siyuan/issues/17368

2026-03-31 22:05:01 +08:00

av_table.go

🎨 Add Include time switch to database creation time field and update time field https://github.com/siyuan-note/siyuan/issues/12091

2025-11-10 18:12:36 +08:00

av.go

♻️ Replace interface{} with any (#17415 )

2026-04-05 16:48:32 +08:00

block_query.go

♻️ Replace interface{} with any (#17415 )

2026-04-05 16:48:32 +08:00

block_ref_query.go

🎨 Clean code

2026-03-17 20:15:57 +08:00

block_ref.go

♻️ Refactor Go to err != nil, err == nil (#12385 )

2024-09-04 09:40:50 +08:00

block.go

🐛 Correct the FTS target table branch of indexNode https://github.com/siyuan-note/siyuan/issues/17536 (#17557 )

2026-04-20 23:22:17 +08:00

cache.go

⚡ Improve ristretto NumCounters

2026-04-15 21:56:43 +08:00

database.go

🎨 add WAL persistence for database index queue to improve data indexing stability https://github.com/siyuan-note/siyuan/issues/17610

2026-04-29 21:45:55 +08:00

file_annotation_ref.go

🎨 Backlink count at the doc block title including sub-blocks https://github.com/siyuan-note/siyuan/issues/13791

2025-01-12 21:19:27 +08:00

history.go

♻️ Replace interface{} with any (#17415 )

2026-04-05 16:48:32 +08:00

queue_asset_content.go

♻️ Replace interface{} with any (#17415 )

2026-04-05 16:48:32 +08:00

queue_history.go

♻️ Replace interface{} with any (#17415 )

2026-04-05 16:48:32 +08:00

queue_wal.go

🎨 add WAL persistence for database index queue to improve data indexing stability https://github.com/siyuan-note/siyuan/issues/17610

2026-04-29 21:45:55 +08:00

queue.go

🎨 add WAL persistence for database index queue to improve data indexing stability https://github.com/siyuan-note/siyuan/issues/17610

2026-04-29 21:45:55 +08:00

span.go

🎨 Parameterized label query statements and escaping LIKE wildcards (#17416 )

2026-04-06 09:30:04 +08:00

stat.go

🔒 Use parameterized queries in putStat to prevent SQL injection (#17658 )

2026-05-10 19:24:21 +08:00

upsert.go

🎨 https://github.com/siyuan-note/siyuan/issues/17536 https://github.com/siyuan-note/siyuan/issues/5889

2026-04-19 11:42:43 +08:00