From 6bed4bfb7b1ad2001f3930f20134992e70715295 Mon Sep 17 00:00:00 2001
From: Ricardo Garim
Date: Mon, 21 Oct 2024 14:00:41 -0300
Subject: [PATCH] regression: allow specific routes to receive query attr
---
 apps/meteor/app/api/server/helpers/parseJsonQuery.ts | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/apps/meteor/app/api/server/helpers/parseJsonQuery.ts b/apps/meteor/app/api/server/helpers/parseJsonQuery.ts
index 807f72080e4bb..f96e3a46f7fbf 100644
--- a/apps/meteor/app/api/server/helpers/parseJsonQuery.ts
+++ b/apps/meteor/app/api/server/helpers/parseJsonQuery.ts
@@ -107,8 +107,16 @@ export async function parseJsonQuery(api: PartialThis): Promise<{
 }
 }
+ const allowedRoutes = [
+ '/api/v1/settings.public',
+ '/api/v1/directory',
+ '/api/v1/channels.messages',
+ '/api/v1/groups.messages',
+ '/api/v1/dm.messages',
+ '/api/v1/im.messages',
+ ];
 let query: Record = {};
- if (params.query && isUnsafeQueryParamsAllowed) {
+ if (params.query && (isUnsafeQueryParamsAllowed || allowedRoutes.includes(route))) {
 apiDeprecationLogger.parameter(route, 'query', '8.0.0', response, messageGenerator);
 try {
 query = ejson.parse(params.query);
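Review bot: The six paths in `allowedRoutes` now take a client-supplied `query` even when `isUnsafeQueryParamsAllowed` is false, and nothing in the hunk says why these routes are exempt or what still constrains the parsed selector. Because `ejson.parse(params.query)` produces a caller-controlled object that presumably ends up in a database selector, I would add a comment above the list, e.g. `// Routes that keep accepting the deprecated 'query' param; each handler must scope the selector itself (room, visibility) and must not rely on the caller's filter for access control.` The rest of `parseJsonQuery` is outside the hunk, so it is worth confirming that any operator/field validation applied after the parse also runs on this allowlisted path. `allowedRoutes.includes(route)` is an exact string match, so it depends on `route` being the bare path, and the array could be hoisted to a module-level constant rather than rebuilt on every call.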