From 09175b84df1754cd4201006ed9e02c00d59093ab Mon Sep 17 00:00:00 2001
From: syuilo <Syuilotan@yahoo.co.jp>
Date: Thu, 20 Feb 2020 07:18:40 +0900
Subject: [PATCH] Fix #6016

---
 src/server/api/endpoints/notes/search-by-tag.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/server/api/endpoints/notes/search-by-tag.ts b/src/server/api/endpoints/notes/search-by-tag.ts
index aaeec5ecf4..35404cbb5c 100644
--- a/src/server/api/endpoints/notes/search-by-tag.ts
+++ b/src/server/api/endpoints/notes/search-by-tag.ts
@@ -6,6 +6,7 @@ import { Notes } from '../../../../models';
 import { generateMuteQuery } from '../../common/generate-mute-query';
 import { generateVisibilityQuery } from '../../common/generate-visibility-query';
 import { Brackets } from 'typeorm';
+import { safeForSql } from '../../../../misc/safe-for-sql';
 
 export const meta = {
 	desc: {
@@ -99,7 +100,7 @@ export default define(meta, async (ps, me) => {
 	if (me) generateMuteQuery(query, me);
 
 	if (ps.tag) {
-		if (/[\0\x08\x09\x1a\n\r"'\\\%]/g.test(ps.tag)) return;
+		if (!safeForSql(ps.tag)) return;
 		query.andWhere(`'{"${ps.tag.toLowerCase()}"}' <@ note.tags`);
 	} else {
 		let i = 0;
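Review bot: The `query.andWhere` on the line after the new check still splices `ps.tag` into the SQL text and depends on `safeForSql` acting as a character denylist, the same approach as the regex it replaces; the removed line in the next hunk shows the endpoint already had a bound-parameter form (`:tag${i} = ANY(note.tags)`). If array containment is the intended semantics, it can keep that form with a bound parameter, e.g. `query.andWhere(':tag <@ note.tags', { tag: [ps.tag.toLowerCase()] })`, assuming the driver serializes a JS array as a Postgres array (verify against the other endpoints). The same interpolation appears on the added `qb.andWhere` line in the next hunk. The callback passed to `define` starts and ends outside this hunk.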
@@ -107,7 +108,8 @@ export default define(meta, async (ps, me) => {
 			for (const tags of ps.query!) {
 				qb.orWhere(new Brackets(qb => {
 					for (const tag of tags) {
-						qb.andWhere(`:tag${i} = ANY(note.tags)`, { [`tag${i}`]: tag.toLowerCase() });
+						if (!safeForSql(tag)) return;
+						qb.andWhere(`'{"${tag.toLowerCase()}"}' <@ note.tags`);
 						i++;
 					}
 				}));
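Review bot: The added `if (!safeForSql(tag)) return;` returns from the `Brackets` callback mid-group, so an unsafe tag silently drops that tag and every tag after it from the AND group while the conditions already added remain; the group then matches more notes than requested instead of the request being rejected, unlike the `ps.tag` branch in the previous hunk which aborts the endpoint. Validating the whole input before the loop keeps the two branches consistent, e.g. `if (!ps.query!.every(tags => tags.every(safeForSql))) return;` placed where `let i = 0;` is declared. Since the new `qb.andWhere` line no longer builds a `tag${i}` parameter name, `i` and the `i++` below it appear to be dead and can be removed. The enclosing callback continues outside the hunk.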