mirror of
https://github.com/infiniflow/ragflow.git
synced 2026-01-23 03:26:53 +08:00
Eliminates SQL injection vectors in the OpenDAL MySQL initialization logic by implementing strict input validation and explicit type casting.

**Modifications:**

1. **`init_db_config`**: Enforced integer casting for `max_allowed_packet` before formatting it into the SQL string.
2. **`init_opendal_mysql_table`**: Implemented regex-based validation for `table_name` to ensure only alphanumeric characters and underscores are permitted, preventing arbitrary SQL command injection through configuration parameters.

These changes ensure that even if configuration values are sourced from untrusted environments, the database initialization remains secure.
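
An added example, not the ragflow project's code: one way to apply the two checks the commit message describes before configuration values are formatted into SQL. The helper names, the flat config layout and the table schema are assumptions made for illustration.

```python
import re

# Assumption: ASCII letters, digits and underscore only, as the commit message states.
# An explicit class is used because \w would also accept non-ASCII word characters.
_TABLE_NAME_RE = re.compile(r"[A-Za-z0-9_]+")
_MYSQL_IDENT_MAX = 64  # MySQL's length limit for table identifiers


def safe_table_name(value):
    """Return value unchanged if it is a plain identifier, else raise ValueError."""
    # fullmatch, not match with '$': '$' also matches before a trailing newline.
    if not isinstance(value, str) or not _TABLE_NAME_RE.fullmatch(value):
        raise ValueError(f"invalid table name: {value!r}")
    if len(value) > _MYSQL_IDENT_MAX:
        raise ValueError("table name longer than 64 characters")
    return value


def safe_packet_size(value):
    """Cast max_allowed_packet to a positive int, else raise ValueError."""
    if isinstance(value, bool):  # bool is an int subclass; reject it explicitly
        raise ValueError("max_allowed_packet must be an integer")
    try:
        size = int(value)
    except (TypeError, ValueError):
        raise ValueError(f"max_allowed_packet is not an integer: {value!r}") from None
    if size <= 0:
        raise ValueError("max_allowed_packet must be positive")
    return size


def build_init_statements(config):
    """Build the init SQL from a hypothetical flat config dict (constructed layout)."""
    size = safe_packet_size(config["max_allowed_packet"])
    table = safe_table_name(config["table_name"])
    return [
        f"SET GLOBAL max_allowed_packet={size}",
        # Hypothetical schema, for illustration only.
        f"CREATE TABLE IF NOT EXISTS `{table}` "
        "(`key` VARCHAR(255) PRIMARY KEY, `value` LONGBLOB)",
    ]
```

Identifiers cannot be bound as query parameters, which is why the table name is validated against an allowlist pattern rather than passed as a placeholder.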