Review: Needs Fixing

l.469,502: Queries are still not fully sanitized; any quotes or percent signs
in the input will result in unexpected behaviour. This is a security risk and a
major bug potential.
I highly recommend that you add a function to sanitize input in the cmis module
for queries and follow the documentation from
http://wiki.alfresco.com/wiki/CMIS_Query_Language#Literals

Basic escaping:

    \\ represents \
    \' represents '

In addition to basic escaping, in LIKE expressions

    \% represents %
    \_ represents _

-- 
https://code.launchpad.net/~savoirfairelinux-openerp/knowledge-addons/cmis_read/+merge/212260
Your team Savoir-faire Linux' OpenERP is subscribed to branch 
lp:~savoirfairelinux-openerp/knowledge-addons/cmis_read.

-- 
Mailing list: https://launchpad.net/~savoirfairelinux-openerp
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~savoirfairelinux-openerp
More help   : https://help.launchpad.net/ListHelp
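An added example (not code from the cmis_read branch or the review above) of the escaping function the review asks for, in Python since the module targets OpenERP; it implements the literal rules quoted from the CMIS wiki, and the `cmis:document` / `cmis:name` query shape and the sample inputs are assumptions for illustration:

```python
def escape_cmis_literal(value, like=False):
    """Escape text for use inside a single-quoted CMIS query string literal.

    Always: backslash -> \\\\ and single quote -> \\'
    In LIKE patterns additionally: % -> \\% and _ -> \\_ so that user input
    matches itself literally instead of acting as a wildcard.

    Backslashes are escaped first so the backslashes introduced by the
    later replacements are not doubled again.
    """
    escaped = value.replace("\\", "\\\\").replace("'", "\\'")
    if like:
        escaped = escaped.replace("%", "\\%").replace("_", "\\_")
    return escaped


def name_query(name, like=False):
    """Build a query for documents by name from untrusted input.

    cmis:document and cmis:name are standard CMIS identifiers; the query
    shape itself is an assumption for this example. With like=True the
    input is used as a prefix pattern and the trailing % appended here is
    the only wildcard the server will see.
    """
    if like:
        return ("SELECT * FROM cmis:document WHERE cmis:name LIKE '%s%%'"
                % escape_cmis_literal(name, like=True))
    return ("SELECT * FROM cmis:document WHERE cmis:name = '%s'"
            % escape_cmis_literal(name))


if __name__ == "__main__":
    # Constructed sample inputs exercising each escape rule.
    for sample in ("O'Brien", "a\\b'c", "50%_off"):
        print(name_query(sample))
        print(name_query(sample, like=True))
```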
