Skip to content
Snippets Groups Projects
Unverified Commit 2c0bb1b1 authored by Diego Sampaio's avatar Diego Sampaio Committed by GitHub
Browse files

regression: Escape regex for moderation dashboard filters (#29214)

parent a3417297
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
apps/meteor/app/api/server/v1/moderation.ts
+ 15
4
View file @ 2c0bb1b1
...@@ -8,6 +8,7 @@ import { ...@@ -8,6 +8,7 @@ import {
} from '@rocket.chat/rest-typings'; } from '@rocket.chat/rest-typings';
import { ModerationReports, Users, Messages } from '@rocket.chat/models'; import { ModerationReports, Users, Messages } from '@rocket.chat/models';
import type { IModerationReport } from '@rocket.chat/core-typings'; import type { IModerationReport } from '@rocket.chat/core-typings';
import { escapeRegExp } from '@rocket.chat/string-helpers';
import { API } from '../api'; import { API } from '../api';
import { deleteReportedMessages } from '../../../../server/lib/moderation/deleteReportedMessages'; import { deleteReportedMessages } from '../../../../server/lib/moderation/deleteReportedMessages';
...@@ -32,7 +33,9 @@ API.v1.addRoute( ...@@ -32,7 +33,9 @@ API.v1.addRoute(
const latest = _latest ? new Date(_latest) : new Date(); const latest = _latest ? new Date(_latest) : new Date();
const oldest = _oldest ? new Date(_oldest) : new Date(0); const oldest = _oldest ? new Date(_oldest) : new Date(0);
const reports = await ModerationReports.findReportsGroupedByUser(latest, oldest, selector, { offset, count, sort }).toArray(); const escapedSelector = escapeRegExp(selector);
const reports = await ModerationReports.findReportsGroupedByUser(latest, oldest, escapedSelector, { offset, count, sort }).toArray();
if (reports.length === 0) { if (reports.length === 0) {
return API.v1.success({ return API.v1.success({
...@@ -43,7 +46,7 @@ API.v1.addRoute( ...@@ -43,7 +46,7 @@ API.v1.addRoute(
}); });
} }
const total = await ModerationReports.countReportsInRange(latest, oldest, selector); const total = await ModerationReports.countReportsInRange(latest, oldest, escapedSelector);
return API.v1.success({ return API.v1.success({
reports, reports,
...@@ -75,7 +78,13 @@ API.v1.addRoute( ...@@ -75,7 +78,13 @@ API.v1.addRoute(
return API.v1.failure('error-invalid-user'); return API.v1.failure('error-invalid-user');
} }
const { cursor, totalCount } = ModerationReports.findReportedMessagesByReportedUserId(userId, selector, { offset, count, sort }); const escapedSelector = escapeRegExp(selector);
const { cursor, totalCount } = ModerationReports.findReportedMessagesByReportedUserId(userId, escapedSelector, {
offset,
count,
sort,
});
const [reports, total] = await Promise.all([cursor.toArray(), totalCount]); const [reports, total] = await Promise.all([cursor.toArray(), totalCount]);
...@@ -203,7 +212,9 @@ API.v1.addRoute( ...@@ -203,7 +212,9 @@ API.v1.addRoute(
const { sort } = await this.parseJsonQuery(); const { sort } = await this.parseJsonQuery();
const { selector = '' } = this.queryParams; const { selector = '' } = this.queryParams;
const { cursor, totalCount } = ModerationReports.findReportsByMessageId(msgId, selector, { count, sort, offset }); const escapedSelector = escapeRegExp(selector);
const { cursor, totalCount } = ModerationReports.findReportsByMessageId(msgId, escapedSelector, { count, sort, offset });
const [reports, total] = await Promise.all([cursor.toArray(), totalCount]); const [reports, total] = await Promise.all([cursor.toArray(), totalCount]);
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment