In oils_cstore.c:
author scottmk <scottmk@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Wed, 18 Mar 2009 18:04:56 +0000 (18:04 +0000)
committer scottmk <scottmk@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Wed, 18 Mar 2009 18:04:56 +0000 (18:04 +0000)
commit 906753bfa8a8d20cb0fc5abd0f1c33046b03fadd
tree 4a47733d16184030fdd970dc9644bc7df531406f
parent 3c3595ed3212f5c5db064bdf79a4216026344d6c
In oils_cstore.c:

1. Verify that the BETWEEN operator receives
exactly two operands.

2. Validate the operator used in a simple predicate;
i.e. make sure it contains no semicolons or white space
(with the exception that "similar to" is allowed).
Purpose: prevent certain kinds of SQL injection.

git-svn-id: svn://svn.open-ils.org/ILS/trunk@12584 dcc99617-32d9-48b4-a31d-7c20da2025e4
Open-ILS/src/c-apps/oils_cstore.c
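
The two checks named in the commit message, sketched as an added example; this is not the code from this commit or from oils_cstore.c. All function names are hypothetical, and the example assumes the column name comes from a trusted schema, the value is passed as a bind placeholder, and "similar to" is matched case-insensitively.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive string equality (assumption: keyword case is ignored). */
static int eq_nocase(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Returns 1 if op may be placed in a simple predicate: no semicolon and no
   white space, with the single exception of the operator "similar to". */
int operator_is_safe(const char *op) {
    if (op == NULL || *op == '\0')
        return 0;                       /* assumption: empty is rejected */
    if (eq_nocase(op, "similar to"))
        return 1;
    for (const char *p = op; *p; p++)
        if (*p == ';' || isspace((unsigned char)*p))
            return 0;
    return 1;
}

/* BETWEEN is accepted only with exactly two operands. */
int between_operands_ok(size_t operand_count) { return operand_count == 2; }

/* Writes "<column> <op> $1" to out. Returns 0 on success, -1 if the operator
   is rejected or the buffer is too small. column is assumed to be trusted. */
int build_simple_predicate(char *out, size_t outlen,
                           const char *column, const char *op) {
    if (!operator_is_safe(op))
        return -1;
    int n = snprintf(out, outlen, "%s %s $1", column, op);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void) {
    /* Constructed sample operators, not taken from the commit. */
    const char *ops[] = { ">=", "similar to", "= 1; DROP TABLE t", "like\t" };
    char buf[64];
    for (size_t i = 0; i < sizeof ops / sizeof ops[0]; i++)
        printf("%-20s -> %s\n", ops[i],
               build_simple_predicate(buf, sizeof buf, "title", ops[i]) == 0
                   ? buf : "rejected");
    return 0;
}
```

A character filter of this kind blocks only some injection shapes, as the commit message says; matching the operator against an allow-list of known operators is a stricter alternative.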