From cd6d64c240bffa703292d7d51db23372c289b47f Mon Sep 17 00:00:00 2001
From: Avris <andre@avris.it>
Date: Wed, 11 Aug 2021 23:29:41 +0200
Subject: [PATCH] [sec] remove apostrophes from keys

---
 server/routes/nouns.js   | 4 ++--
 server/routes/sources.js | 2 +-
 server/routes/terms.js   | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/server/routes/nouns.js b/server/routes/nouns.js
index 7068db05..91e91f57 100644
--- a/server/routes/nouns.js
+++ b/server/routes/nouns.js
@@ -3,7 +3,7 @@ import SQL from 'sql-template-strings';
 import {ulid} from "ulid";
 import {createCanvas, loadImage, registerFont} from "canvas";
 import {loadSuml} from "../loader";
-import {handleErrorAsync, isTroll} from "../../src/helpers";
+import {clearKey, handleErrorAsync, isTroll} from "../../src/helpers";
 import { caches } from "../../src/cache";
 
 const translations = loadSuml('translations');
@@ -28,7 +28,7 @@ const approve = async (db, id) => {
 const addVersions = async (req, nouns) => {
     const keys = new Set();
     nouns.filter(s => !!s && s.sources)
-        .forEach(s => s.sources.split(',').forEach(k => keys.add(`'` + k.split('#')[0] + `'`)));
+        .forEach(s => s.sources.split(',').forEach(k => keys.add(`'` + clearKey(k.split('#')[0]) + `'`)));
 
     const sources = await req.db.all(SQL`
         SELECT s.*, u.username AS submitter FROM sources s
diff --git a/server/routes/sources.js b/server/routes/sources.js
index 780861b6..563a3b9d 100644
--- a/server/routes/sources.js
+++ b/server/routes/sources.js
@@ -20,7 +20,7 @@ const approve = async (db, id) => {
 }
 
 const linkOtherVersions = async (req, sources) => {
-    const keys = new Set(sources.filter(s => !!s && s.key).map(s => `'` + s.key + `'`));
+    const keys = new Set(sources.filter(s => !!s && s.key).map(s => `'` + clearKey(s.key) + `'`));
 
     const otherVersions = await req.db.all(SQL`
         SELECT s.*, u.username AS submitter FROM sources s
diff --git a/server/routes/terms.js b/server/routes/terms.js
index d8ae38a4..ebaee682 100644
--- a/server/routes/terms.js
+++ b/server/routes/terms.js
@@ -22,7 +22,7 @@ const approve = async (db, id) => {
 }
 
 const linkOtherVersions = async (req, terms) => {
-    const keys = new Set(terms.filter(s => !!s && s.key).map(s => `'` + s.key + `'`));
+    const keys = new Set(terms.filter(s => !!s && s.key).map(s => `'` + clearKey(s.key) + `'`));
 
     const otherVersions = await req.db.all(SQL`
         SELECT t.*, u.username AS author FROM terms t