git.evergreen-ils.org Git - evergreen/pines.git/commit
LP#2023222: prevent open-ils.fielder.$IDLCLASS from invoking function transforms
author: Galen Charlton <gmc@equinoxOLI.org>
Wed, 7 Jun 2023 18:26:16 +0000 (14:26 -0400)
committer: Chris Sharp <csharp@georgialibraries.org>
Mon, 24 Jul 2023 15:58:57 +0000 (11:58 -0400)
commit: 790b6e6bd1651f30795a4cdad287b29426a632e0
tree: e65da29c84352c9590656303882acf6360a8547a
parent: cad1d1f15888daf55ed3feb54fed041461e1f7e5
LP#2023222: prevent open-ils.fielder.$IDLCLASS from invoking function transforms

This patch adds some argument checking to the family of
open-ils.fielder.$IDLCLASS[.atomic] methods to prevent
JSON query function transforms from being invoked. This
is needed to prevent unauthenticated callers from invoking
arbitrary stored procedures.

This is a security patch that closes down a pathway
towards remote, unauthenticated SQL injection attacks.

Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Open-ILS/src/perlmods/lib/OpenILS/Application/Fielder.pm