From 831d3506536d0a98388e5ccdd97db03fe24d4a70 Mon Sep 17 00:00:00 2001
From: Daniel <845765@qq.com>
Date: Thu, 7 Nov 2024 17:32:51 +0800
Subject: [PATCH] :lock: SQL injection security vulnerabilities https://github.com/siyuan-note/siyuan/issues/13077 https://github.com/siyuan-note/siyuan/issues/13059
---
 kernel/model/asset_content.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/kernel/model/asset_content.go b/kernel/model/asset_content.go
index f41e3ef89..c22cecade 100644
--- a/kernel/model/asset_content.go
+++ b/kernel/model/asset_content.go
@@ -63,6 +63,9 @@ func GetAssetContent(id, query string, queryMethod int) (ret *AssetContent) {
 query = stringQuery(query)
 }
 }
+ if !ast.IsNodeIDPattern(id) {
+ return
+ }
 table := "asset_contents_fts_case_insensitive"
 filter := " id = '" + id + "'"
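Review bot: The filter on the last line of the hunk is still built by concatenation (`filter := " id = '" + id + "'"`), so the fix holds only as long as `ast.IsNodeIDPattern` rejects every quote and SQL metacharacter. That helper is not visible here, and binding `id` as a query parameter would remove the dependency if the query helper used further down supports it. The new guard would also read better as the first statement of `GetAssetContent`, before `query` is processed, with a comment that states the invariant, e.g. `// id is concatenated into the SQL filter below; reject anything that is not a well-formed node ID`. The bare `return` hands callers a nil `ret` that looks the same as "asset not found", so logging the rejected `id` (quoted or truncated) would make probing attempts visible. The function body continues past the hunk, so whether `query` reaches the SQL text unescaped cannot be judged from these lines and deserves the same check.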