9f3a31ddb3
Fix two issues in the discussion view command: 1. GraphQL injection via cursor interpolation: The --after cursor value was interpolated directly into the raw GraphQL query string using fmt.Sprintf, which is unsafe since cursor values come from user input. Now uses GraphQL variables ($cursor: String) instead, matching the pattern used by issue list, pr list, and other commands. 2. Incomplete --json comments output: Running `gh discussion view N --json comments` silently returned only totalCount with no comment nodes, because the data fetch was gated solely on the --comments flag. Now checks if the JSON exporter requests the comments field and fetches full comment data accordingly, matching how issue view and pr view drive data loading from exporter fields. Also fixes example text that said "newest" but showed --order oldest. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| client | ||
| list | ||
| shared | ||
| view | ||
| discussion.go | ||