[opencode] VULN-117372 Fix SQL injection vulnerability in durable-chat-template (#958)

Author: kale-stew

durable-chat-template/src/server/index.ts

@@ -54,14 +54,15 @@ export class Chat extends Server<Env> {
 			this.messages.push(message);
 		}
 
+		// Use parameterized queries to prevent SQL injection
 		this.ctx.storage.sql.exec(
-			`INSERT INTO messages (id, user, role, content) VALUES ('${
-				message.id
-			}', '${message.user}', '${message.role}', ${JSON.stringify(
-				message.content,
-			)}) ON CONFLICT (id) DO UPDATE SET content = ${JSON.stringify(
-				message.content,
-			)}`,
+			`INSERT INTO messages (id, user, role, content) VALUES (?, ?, ?, ?)
+			 ON CONFLICT (id) DO UPDATE SET content = ?`,
+			message.id,
+			message.user,
+			message.role,
+			message.content,
+			message.content,
 		);
 	}