fix: Improve PostgreSQL injection detection; fixes security vulnerability [GHSA-6927-3vr9-fxf2](https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2) which affects Parse Server deployments using a Postgres database (#8961)

2024-03-01 16:52:05 +01:00
parent 9c85e63354
commit cbefe770a7
2 changed files with 26 additions and 1 deletions
--- a/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js
+++ b/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js
@@ -2656,7 +2656,7 @@ function literalizeRegexPart(s: string) {
    .replace(/([^\\])(\\Q)/, '$1')
    .replace(/^\\E/, '')
    .replace(/^\\Q/, '')
-    .replace(/([^'])'/, `$1''`)
+    .replace(/([^'])'/g, `$1''`)
    .replace(/^'([^'])/, `''$1`);
 }