Re: [GRASS-dev] [GRASS GIS] #2252: wxGUI vector digitizer passing unescaped text to database

GRASS GIS Wed, 11 Feb 2015 16:02:58 -0800

#2252: wxGUI vector digitizer passing unescaped text to database
-----------------------------------------------------------------------------+
 Reporter:  marisn                                                           |  
     Owner:  grass-dev@…              
     Type:  defect                                                           |  
    Status:  new                      
 Priority:  blocker                                                          |  
 Milestone:  7.0.0                    
Component:  wxGUI                                                            |  
   Version:  svn-trunk                
 Keywords:  security, code injection, SQL injection, data loss, v.db.update  |  
  Platform:  Unspecified              
      Cpu:  Unspecified                                                      |  
-----------------------------------------------------------------------------+


Comment(by mlennert):

 I can't reproduce this bug. I've tried with different SQL texts and they
 all are just put into the text field in the attribute table.

 Maris, can you still confirm this bug ?

-- 
Ticket URL: <http://trac.osgeo.org/grass/ticket/2252#comment:4>
GRASS GIS <http://grass.osgeo.org>

_______________________________________________
grass-dev mailing list
grass-dev@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/grass-dev

Re: [GRASS-dev] [GRASS GIS] #2252: wxGUI vector digitizer passing unescaped text to database

Reply via email to