diff --git a/src/db/roomstore.ts b/src/db/roomstore.ts index 5d61937135217419ae2010e8d30406f534b56d41..804dd4f804ab71b0cc05ab30d9c4af7f52b6e724 100644 --- a/src/db/roomstore.ts +++ b/src/db/roomstore.ts @@ -19,7 +19,6 @@ import { IDatabaseConnector } from "./connector"; import * as uuid from "uuid/v4"; const log = new Log("DbRoomStore"); -const ROOM_ID_REGEX = /!([A-z]|_)+:(\d|[A-z]|-|\.|\:)+/; /** * A RoomStore compatible with @@ -188,17 +187,10 @@ export class DbRoomStore { } public async getEntriesByMatrixIds(matrixIds: string[]): Promise<IRoomStoreEntry[]> { - // Validate matrixIds to prevent injections. - matrixIds = matrixIds.filter((id) => { - if (!ROOM_ID_REGEX.exec(id)) { - log.warn(`${id} was excluded for not looking like a real roomID`); - return false; - } - return true; - }); - const entries = await this.db.All( - `SELECT * FROM room_entries WHERE matrix_id IN ('${matrixIds.join("','")}')`, - ); + const mxIdMap = { }; + matrixIds.forEach((mxId, i) => mxIdMap[i] = mxId); + const sql = `SELECT * FROM room_entries WHERE matrix_id IN (${matrixIds.map((_, id) => `\$${id}`).join(", ")})`; + const entries = await this.db.All(sql, mxIdMap); const res: IRoomStoreEntry[] = []; for (const entry of entries) { let remote: RemoteStoreRoom|null = null;