rmalley
/
smr
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
smr/src/lua/endpoints/api_get.lua

44 lines
1.1 KiB
Lua
Raw Blame History

local cache = require("cache")
local sql = require("lsqlite3")
local db = require("db")
local queries = require("queries")
local util = require("util")
local stmnt_tags_get
local oldconfigure = configure
function configure(...)
stmnt_tags_get = util.sqlassert(db.conn:prepare(queries.select_suggest_tags))
return oldconfigure(...)
end
local function suggest_tags(req,data)
stmnt_tags_get:bind_names{
match = data .. "%"
}
local tags = {data}
for tag in stmnt_tags_get:rows() do
table.insert(tags,tag[1])
end
stmnt_tags_get:reset()
http_response_header(req,"Content-Type","text/plain")
http_response(req,200,table.concat(tags,";"))
end
local function api_get(req)
http_request_populate_qs(req)
local call = assert(http_argument_get_string(req,"call"))
local data = assert(http_argument_get_string(req,"data"))
local body
if call == "suggest" then
--[[
Prevent a malicious user from injecting '%' into the string
we're searching for, potentially causing a DoS with a
sufficiently backtrack-ey search/tag combination.
]]
assert(data:match("^[a-zA-Z0-9,%s-]+$"),"Bad characters in tag")
return suggest_tags(req,data)
end
end
return api_get
Reference in New Issue View Git Blame Copy Permalink