Dear all,
https://osgeo-org.atlassian.net/browse/GEOT-6266
I've recently run into GEOT-6266 attempting to use the GeoPackage export
plugin with GeoServer 2.23.1, since some of our layer names contain hyphens.
Looking at the relevant code in GeoPackage.java this could be resolved
by quoting t
We always welcome PRs for open issues. This sounds as if there is a general
potential for SQL injection in the layer names that we should be protecting
against,
Ian
On Wed, 14 Jun 2023 at 10:09, Mike Bryant via GeoTools-Devel <
geotools-devel@lists.sourceforge.net> wrote:
> Dear all,
>
> https:/
The layer names are vetted against the list of available feature types in
the store,
before being used, so sql injection, at least in GeoServer, should not be
possible (finger crossed).
Mind, the PR should address the main branch first, which might contain
slightly different SQL
than the one you'r
