git.evergreen-ils.org Git - Evergreen.git/commit
Address SQL injection vulnerability in SQL ORM layer
author Mike Rylander <mrylander@gmail.com>
Fri, 5 Apr 2013 05:52:16 +0000 (01:52 -0400)
committer Lebbeous Fogle-Weekley <lebbeous@esilibrary.com>
Tue, 16 Apr 2013 22:04:06 +0000 (18:04 -0400)
commit db5c664748bd73232b7b3e5ba8f683e9a0e2ce43
tree a45353f5667bc8477f384e6e466352bca9381f1f
parent 536def61c12b2add02d3245d7e563fd9aa9bb8fc
Address SQL injection vulnerability in SQL ORM layer

If the user-supplied value and the db column are both numbers
(jsonObject->type == JSON_NUMBER, get_primitive(field) == "number") then
don't quote. Otherwise, quote.

Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Dan Scott <dscott@laurentian.ca>
Signed-off-by: Bill Erickson <berick@esilibrary.com>
Open-ILS/src/c-apps/oils_sql.c
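
The quoting rule stated in the commit message, as a stand-alone C example added here; it is not the code from oils_sql.c. The names `val_type`, `quote_literal` and `sql_value` are hypothetical, and the quote-doubling routine stands in for the database driver's own quoting function.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the type of the user-supplied JSON value. */
typedef enum { VAL_NUMBER, VAL_STRING } val_type;

/* Quote s as a SQL string literal by doubling single quotes. This is an
   assumption for the example; production code should call the database
   driver's quoting routine. Caller frees the result. */
static char *quote_literal(const char *s) {
    size_t n = strlen(s);
    char *out = malloc(2 * n + 3), *p = out;
    if (!out) return NULL;
    *p++ = '\'';
    for (; *s; s++) { if (*s == '\'') *p++ = '\''; *p++ = *s; }
    *p++ = '\''; *p = '\0';
    return out;
}

/* Emit the value unquoted only when it is a JSON number AND the column's
   primitive type is "number"; in every other case, quote it. */
char *sql_value(val_type vt, const char *text, const char *col_primitive) {
    if (vt == VAL_NUMBER && strcmp(col_primitive, "number") == 0) {
        char *end;
        strtod(text, &end);   /* extra guard: text must be a well-formed number */
        if (end != text && *end == '\0' &&
            strspn(text, "0123456789+-.eE") == strlen(text)) {
            char *out = malloc(strlen(text) + 1);
            if (out) strcpy(out, text);
            return out;
        }
    }
    return quote_literal(text);
}

int main(void) {
    /* Constructed inputs: (value type, value text, column primitive). */
    char *a = sql_value(VAL_NUMBER, "42", "number");
    char *b = sql_value(VAL_STRING, "1 OR 1=1", "number");
    char *c = sql_value(VAL_STRING, "O'Brien", "string");
    printf("%s\n%s\n%s\n", a, b, c);
    free(a); free(b); free(c);
    return 0;
}
```

A string value sent against a numeric column comes back quoted, so it reaches the database as a single literal and not as part of the statement.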