From 4a33829f116e0e37fc4704d25e6452c5fe23d9b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-S=C3=A9bastien=20Herbaux?=
 <jean-sebastien.herbaux@epitech.eu>
Date: Mon, 16 Nov 2020 12:55:35 +0100
Subject: [PATCH] Sanitize /upload/search/:q route (#8658)

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>
---
 packages/strapi-plugin-upload/controllers/Upload.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/packages/strapi-plugin-upload/controllers/Upload.js b/packages/strapi-plugin-upload/controllers/Upload.js
index c22a67c78a..ce9e98d3a2 100644
--- a/packages/strapi-plugin-upload/controllers/Upload.js
+++ b/packages/strapi-plugin-upload/controllers/Upload.js
@@ -8,6 +8,7 @@
 const _ = require('lodash');
 const apiUploadController = require('./upload/api');
 const adminUploadController = require('./upload/admin');
+const { sanitizeEntity } = require('strapi-utils');
 
 const resolveController = ctx => {
   const {
@@ -66,10 +67,12 @@ module.exports = {
 
   async search(ctx) {
     const { id } = ctx.params;
-
-    ctx.body = await strapi.query('file', 'upload').custom(searchQueries)({
+    const model = strapi.getModel('file', 'upload');
+    const entries = await strapi.query('file', 'upload').custom(searchQueries)({
       id,
     });
+
+    ctx.body = sanitizeEntity(entries, { model });
   },
 };