Merge branch 'develop'

This commit is contained in:
syuilo 2023-02-04 18:22:08 +09:00
commit 9d84214462
4 changed files with 15 additions and 3 deletions

View File

@ -9,6 +9,11 @@
You should also include the user name that made the change.
-->
## 13.3.3 (2023/02/04)
### Bugfixes
- Server: improve security
## 13.3.2 (2023/02/04)
### Improvements

View File

@ -1023,17 +1023,23 @@ _achievements:
title: "定期联系Ⅲ"
description: "总登录天数400天"
_login500:
title: "老熟人Ⅰ"
description: "总登录天数500天"
flavor: "诸君,我喜欢贴文"
_login600:
title: "老熟人Ⅱ"
description: "总登录天数600天"
_login700:
title: "老熟人Ⅲ"
description: "总登录天数700天"
_login800:
title: "帖子大师Ⅰ"
description: "总登录天数800天"
_login900:
title: "帖子大师Ⅱ"
description: "总登录天数900天"
_login1000:
title: "帖子大师Ⅲ"
description: "总登录天数1000天"
flavor: "感谢您使用Misskey"
_noteClipped1:
@ -1086,6 +1092,7 @@ _achievements:
title: "信号塔"
description: "拥有超过500名关注者"
_followers1000:
title: "大影响家"
description: "拥有超过1000名关注者"
_collectAchievements30:
title: "成就收藏家"

View File

@ -1,6 +1,6 @@
{
"name": "misskey",
"version": "13.3.2",
"version": "13.3.3",
"codename": "nasubi",
"repository": {
"type": "git",

View File

@ -95,14 +95,14 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
try {
if (ps.tag) {
if (!safeForSql(ps.tag)) throw 'Injection';
if (!safeForSql(normalizeForSearch(ps.tag))) throw 'Injection';
query.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`);
} else {
query.andWhere(new Brackets(qb => {
for (const tags of ps.query!) {
qb.orWhere(new Brackets(qb => {
for (const tag of tags) {
if (!safeForSql(tag)) throw 'Injection';
if (!safeForSql(normalizeForSearch(tag))) throw 'Injection';
qb.andWhere(`'{"${normalizeForSearch(tag)}"}' <@ note.tags`);
}
}));