From ee2d8f8c5a4d42c2ef3700cc56b92caa3cc28637 Mon Sep 17 00:00:00 2001
From: softsimon
Date: Mon, 24 Jul 2023 13:21:06 +0900
Subject: [PATCH] Sanitize channel id search
---
 backend/src/api/explorer/channels.api.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/src/api/explorer/channels.api.ts b/backend/src/api/explorer/channels.api.ts
index ab29ed2c2..0b1b914fd 100644
--- a/backend/src/api/explorer/channels.api.ts
+++ b/backend/src/api/explorer/channels.api.ts
@@ -80,7 +80,7 @@ class ChannelsApi {
 public async $searchChannelsById(search: string): Promise {
 try {
- const searchStripped = search.replace('%', '') + '%';
+ const searchStripped = search.replace(/[^0-9x]/g, '') + '%';
 const query = `SELECT id, short_id, capacity, status FROM channels WHERE id LIKE ? OR short_id LIKE ? LIMIT 10`;
 const [rows]: any = await DB.query(query, [searchStripped, searchStripped]);
 return rows;
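Review bot: A search term with no digits or `x` is now stripped to an empty string, so on the changed line `searchStripped` becomes a bare `%` and both LIKE clauses match every row, returning ten arbitrary channels. Unless the caller already rejects such input, return early on an empty result: `const cleaned = search.replace(/[^0-9x]/g, '');` then `if (!cleaned) { return []; }` then `const searchStripped = cleaned + '%';`. The allowlist is the right fix for the `%` and `_` wildcards (the old string-pattern `replace` removed only the first `%`), and the values are already bound as parameters, so a short comment such as `// allowlist digits and 'x' so user input cannot add LIKE wildcards` would record that this is about pattern control and not injection. The `try` block and the rest of `$searchChannelsById` continue outside the hunk.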