rogee/quyun-v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: group keyword filters to avoid OR bypass

Browse Source
This commit is contained in:
Rogee
2026-01-12 10:28:41 +08:00
parent 9a8dd96b55
commit 75d13b5c4e
2 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
backend/app/services/content.go
View File

@@ -11,6 +11,7 @@ import (
"quyun/v2/database/models"
"quyun/v2/pkg/consts"
"go.ipao.vip/gen/field"
"go.ipao.vip/gen/types"
"gorm.io/gorm"
)
@@ -24,7 +25,7 @@ func (s *content) List(ctx context.Context, tenantID int64, filter *content_dto.
// Filters
if filter.Keyword != nil && *filter.Keyword != "" {
keyword := "%" + *filter.Keyword + "%"
q = q.Where(tbl.Title.Like(keyword)).Or(tbl.Description.Like(keyword))
q = q.Where(field.Or(tbl.Title.Like(keyword), tbl.Description.Like(keyword)))
}
q = q.Where(tbl.Status.Eq(consts.ContentStatusPublished))
if tenantID > 0 {