SQL: Escaping non alpha-numeric path variable names
Bug #633136 reported by
Samppa Saarela
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Querydsl |
Fix Released
|
Medium
|
Samppa Saarela | ||
Bug Description
It is possible to create paths with arbitrary expressions as names. These expression are serialized as such allowing SQL injection.
Variable names containing non-alpha-numeric letters should always be escaped.
| visibility: | private → public |
| summary: |
- Escaping non alpha-numeric path variable names + SQL: Escaping non alpha-numeric path variable names |
| Changed in querydsl: | |
| importance: | Undecided → Medium |
| Changed in querydsl: | |
| assignee: | nobody → Samppa Saarela (samppa-saarela) |
Revision history for this message
| Timo Westkämper (timo-westkamper) wrote | #1 |
| Changed in querydsl: | |
| status: | New → Fix Committed |
Revision history for this message
| Timo Westkämper (timo-westkamper) wrote | #2 |
| Changed in querydsl: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Fixed in SVN trunk