Fix query create update json sanitize

Open rymut opened this issue 5 months ago • 0 comments

What type of PR is this?

  • [ ] Refactor
  • [ ] Feature
  • [x] Bug Fix
  • [ ] New Query Runner (Data Source)
  • [ ] New Alert Destination
  • [ ] Other

Description

The query def post(self) methods did not sanitize input correctly: any user with modify access can update the query owner when user_id is set (bug present during update/create). Also, updated_at might not be updated when skip_updated_at is present and set to True. During update, when is_archived is set to True, the created query is both a draft and archived at the same time.

How is this tested?

  • [x] Unit tests (pytest, jest)
  • [ ] E2E Tests (Cypress)
  • [ ] Manually
  • [ ] N/A

Related Tickets & Documents

Mobile & Desktop Screenshots/Recordings (if there are UI changes)

rymut May 25 '25 19:05
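
The class of bug described above is closed by allow-listing the fields a client may set before the JSON body reaches the model. The Python sketch below is an added illustration, not code from this PR or from Redash: the field names user_id, skip_updated_at, is_archived and updated_at come from the description, while EDITABLE_FIELDS, the helper names, the dict-based query record and the rule that an archived query stops being a draft are assumptions.

```python
from datetime import datetime, timezone

# Assumed allow-list of client-editable fields (hypothetical, not Redash's list).
# user_id and skip_updated_at are deliberately absent.
EDITABLE_FIELDS = {"name", "description", "query", "schedule",
                   "options", "tags", "is_draft", "is_archived"}


def sanitize_query_payload(payload):
    """Return (clean, rejected): allow-listed fields and the names of dropped keys."""
    if not isinstance(payload, dict):
        raise ValueError("request body must be a JSON object")
    clean = {k: v for k, v in payload.items() if k in EDITABLE_FIELDS}
    rejected = sorted(set(payload) - EDITABLE_FIELDS)
    # State flags must be real booleans, not truthy strings or numbers.
    for flag in ("is_draft", "is_archived"):
        if flag in clean and not isinstance(clean[flag], bool):
            raise ValueError(f"{flag} must be a boolean")
    return clean, rejected


def apply_update(query, payload, now=None):
    """Apply a sanitized payload to a query record (a plain dict in this sketch)."""
    clean, rejected = sanitize_query_payload(payload)
    updated = {**query, **clean}
    # Assumption: an archived query is never left in the draft state.
    if updated.get("is_archived"):
        updated["is_draft"] = False
    # The timestamp is always set server-side; the client cannot suppress it.
    updated["updated_at"] = now or datetime.now(timezone.utc)
    return updated, rejected


def demo():
    # Constructed sample record and request body.
    stored = {"id": 1, "user_id": 10, "name": "old", "is_draft": True,
              "is_archived": False,
              "updated_at": datetime(2025, 1, 1, tzinfo=timezone.utc)}
    body = {"name": "new", "user_id": 99, "skip_updated_at": True,
            "is_archived": True}
    return apply_update(stored, body,
                        now=datetime(2025, 5, 25, tzinfo=timezone.utc))


if __name__ == "__main__":
    print(demo())
```

Returning the rejected key names lets the handler log or refuse requests that try to set protected fields instead of silently ignoring them.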