Address SQL injection vulnerability in SQL ORM layer
author Mike Rylander <mrylander@gmail.com>
Fri, 5 Apr 2013 05:52:16 +0000 (01:52 -0400)
committer Bill Erickson <berick@esilibrary.com>
Wed, 17 Apr 2013 20:16:59 +0000 (16:16 -0400)
commit c7c13b2fb698bb8fb36c8041e05f4711ef0dc4c1
tree f4c883b5ec80038d7633b8e01359b1b71f1f0e97
parent fa462835c2c605fcc0fbe742a1ca1ba3bf18160d
Address SQL injection vulnerability in SQL ORM layer

If the user-supplied value and the db column are both numbers
(jsonObject->type == JSON_NUMBER, get_primitive(field) == "number") then
don't quote. Otherwise, quote.

Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Dan Scott <dscott@laurentian.ca>
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Open-ILS/src/c-apps/oils_sql.c
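
The quoting rule from the commit message, sketched as an added C example; this is not the code from oils_sql.c. The `value` struct, `render_value` and `quote_literal` are hypothetical names, the inputs are constructed, and the quote-doubling routine stands in for the database driver's own quoting function.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for a parsed JSON value (assumption, not the project's types). */
typedef enum { VAL_STRING, VAL_NUMBER } val_type;
typedef struct { val_type type; double num; const char *str; } value;

/* Quote text as an SQL string literal by doubling single quotes.
   Stand-in for the database driver's quoting routine. */
static char *quote_literal(const char *s) {
    size_t n = strlen(s), extra = 0;
    for (size_t i = 0; i < n; i++) if (s[i] == '\'') extra++;
    char *out = malloc(n + extra + 3);   /* two quotes + NUL */
    if (!out) return NULL;
    char *p = out;
    *p++ = '\'';
    for (size_t i = 0; i < n; i++) {
        if (s[i] == '\'') *p++ = '\'';
        *p++ = s[i];
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* Render a user-supplied value for comparison against a column.
   Unquoted only when BOTH the value is a JSON number and the column
   primitive is "number"; every other combination is quoted. */
char *render_value(const value *v, const char *col_primitive) {
    char buf[64];
    const char *text = v->str;
    if (v->type == VAL_NUMBER) {
        snprintf(buf, sizeof buf, "%.15g", v->num);
        text = buf;
        if (strcmp(col_primitive, "number") == 0) {
            char *out = malloc(strlen(buf) + 1);
            if (out) strcpy(out, buf);
            return out;                  /* number vs. number: no quotes */
        }
    }
    return quote_literal(text);          /* otherwise, quote */
}

int main(void) {
    value n = { VAL_NUMBER, 42, NULL }, s = { VAL_STRING, 0, "42 x" };  /* constructed */
    char *a = render_value(&n, "number"), *b = render_value(&s, "number");
    if (a && b) printf("%s\n%s\n", a, b);
    free(a); free(b);
    return 0;
}
```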