#2252: wxGUI vector digitizer passing unescaped text to database
-------------------------+-------------------------------------------------
  Reporter:  marisn      |       Owner:  grass-dev@…
      Type:  defect      |      Status:  new
  Priority:  critical    |   Milestone:  7.0.5
 Component:  wxGUI       |     Version:  svn-trunk
Resolution:              |    Keywords:  security, code injection, SQL
       CPU:              |  injection, data loss, v.db.update
  Unspecified            |    Platform:  Unspecified
-------------------------+-------------------------------------------------

Comment (by annakrat):

 Replying to [comment:14 annakrat]:
 > In [changeset:"69153" 69153]:
 > {{{
 > #!CommitTicketReference repository="" revision="69153"
 > wxGUI: escape single quotes when editing attributes from GUI, see #2252
 > }}}

 This deals with single quotes only, no security issue is solved by this.
 So please test, I can backport it and decide what else to do with this
 ticket. We should at least downgrade the priority if not close it at all.

--
Ticket URL: <https://trac.osgeo.org/grass/ticket/2252#comment:15>
GRASS GIS <https://grass.osgeo.org>

_______________________________________________
grass-dev mailing list
grass-dev@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/grass-dev
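
The ticket is about attribute text reaching the database unescaped, and changeset 69153 escapes single quotes. The following is an added example, not GRASS code and not from the ticket: it uses Python's sqlite3 with a hypothetical `roads` table and constructed input values to compare raw concatenation, quote doubling and parameter binding when building the UPDATE statement.

```python
import sqlite3

def make_db():
    # Hypothetical attribute table (assumption, not the GRASS schema).
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE roads (cat INTEGER PRIMARY KEY, name TEXT)")
    con.executemany("INSERT INTO roads VALUES (?, ?)", [(1, "A1"), (2, "B2")])
    return con

def update_concat(con, cat, value):
    # Unescaped: the edited text becomes part of the SQL statement itself.
    con.execute("UPDATE roads SET name = '%s' WHERE cat = %d" % (value, cat))

def update_quote_doubled(con, cat, value):
    # Single quotes doubled before concatenation, the kind of escaping
    # the changeset message describes.
    escaped = value.replace("'", "''")
    con.execute("UPDATE roads SET name = '%s' WHERE cat = %d" % (escaped, cat))

def update_bound(con, cat, value):
    # Parameter binding: the value never passes through the SQL parser.
    con.execute("UPDATE roads SET name = ? WHERE cat = ?", (value, cat))

def names(con):
    return [row[0] for row in con.execute("SELECT name FROM roads ORDER BY cat")]

def run(update, value):
    # Apply one update strategy to category 1 on a fresh database and
    # report whether it succeeded plus the resulting table contents.
    con = make_db()
    try:
        update(con, 1, value)
        outcome = "ok"
    except sqlite3.Error:
        outcome = "error"
    return outcome, names(con)

if __name__ == "__main__":
    # Constructed inputs: an ordinary apostrophe, and text that ends the
    # string literal early and comments out the WHERE clause.
    for value in ("O'Brien Rd", "x' --"):
        for update in (update_concat, update_quote_doubled, update_bound):
            print(repr(value), update.__name__, run(update, value))
```

Quote doubling matches SQLite's string-literal syntax; a backend that also treats backslash as an escape character needs more than that, which is why binding is the backend-independent choice.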