fix(backend): SQLのサニタイズを強化 (#14920)

* Fix code scanning alert no. 28: Incomplete string escaping or encoding (MisskeyIO#800) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> (cherry picked from commit 443335c) * ✌️ --------- Co-authored-by: あわわわとーにゅ <[email protected]>
misskey-dev · Nov 9, 2024 · 98b4717 · 98b4717
1 parent 8a4ce16
commit 98b4717
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/packages/backend/src/misc/sql-like-escape.ts b/packages/backend/src/misc/sql-like-escape.ts
@@ -4,5 +4,5 @@
  */
 
 export function sqlLikeEscape(s: string) {
-	return s.replace(/([%_])/g, '\\$1');
+	return s.replace(/([\\%_])/g, '\\$1');
 }