Backport #23132 Unfortunately xorm's `builder.Select(...).From(...)` does not escape the table names. This is mostly not a problem but is a problem with the `user` table. This PR simply escapes the user table. No other uses of `From("user")` where found in the codebase so I think this should be all that is needed. Fix #23064 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net>
This commit is contained in:
parent
a3694b6989
commit
27879bc45e
|
@ -778,7 +778,7 @@ func CountOrphanedLabels(ctx context.Context) (int64, error) {
|
||||||
norepo, err := db.GetEngine(ctx).Table("label").
|
norepo, err := db.GetEngine(ctx).Table("label").
|
||||||
Where(builder.And(
|
Where(builder.And(
|
||||||
builder.Gt{"repo_id": 0},
|
builder.Gt{"repo_id": 0},
|
||||||
builder.NotIn("repo_id", builder.Select("id").From("repository")),
|
builder.NotIn("repo_id", builder.Select("id").From("`repository`")),
|
||||||
)).
|
)).
|
||||||
Count()
|
Count()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -788,7 +788,7 @@ func CountOrphanedLabels(ctx context.Context) (int64, error) {
|
||||||
noorg, err := db.GetEngine(ctx).Table("label").
|
noorg, err := db.GetEngine(ctx).Table("label").
|
||||||
Where(builder.And(
|
Where(builder.And(
|
||||||
builder.Gt{"org_id": 0},
|
builder.Gt{"org_id": 0},
|
||||||
builder.NotIn("org_id", builder.Select("id").From("user")),
|
builder.NotIn("org_id", builder.Select("id").From("`user`")),
|
||||||
)).
|
)).
|
||||||
Count()
|
Count()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -809,7 +809,7 @@ func DeleteOrphanedLabels(ctx context.Context) error {
|
||||||
if _, err := db.GetEngine(ctx).
|
if _, err := db.GetEngine(ctx).
|
||||||
Where(builder.And(
|
Where(builder.And(
|
||||||
builder.Gt{"repo_id": 0},
|
builder.Gt{"repo_id": 0},
|
||||||
builder.NotIn("repo_id", builder.Select("id").From("repository")),
|
builder.NotIn("repo_id", builder.Select("id").From("`repository`")),
|
||||||
)).
|
)).
|
||||||
Delete(Label{}); err != nil {
|
Delete(Label{}); err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -819,7 +819,7 @@ func DeleteOrphanedLabels(ctx context.Context) error {
|
||||||
if _, err := db.GetEngine(ctx).
|
if _, err := db.GetEngine(ctx).
|
||||||
Where(builder.And(
|
Where(builder.And(
|
||||||
builder.Gt{"org_id": 0},
|
builder.Gt{"org_id": 0},
|
||||||
builder.NotIn("org_id", builder.Select("id").From("user")),
|
builder.NotIn("org_id", builder.Select("id").From("`user`")),
|
||||||
)).
|
)).
|
||||||
Delete(Label{}); err != nil {
|
Delete(Label{}); err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
Loading…
Reference in New Issue