[GRASS-dev] [GRASS GIS] #2252: wxGUI vector digitizer passing unescaped text to database
GRASS GIS
trac at osgeo.org
Wed Feb 11 16:02:37 PST 2015
#2252: wxGUI vector digitizer passing unescaped text to database
-----------------------------------------------------------------------------+
Reporter: marisn | Owner: grass-dev@…
Type: defect | Status: new
Priority: blocker | Milestone: 7.0.0
Component: wxGUI | Version: svn-trunk
Keywords: security, code injection, SQL injection, data loss, v.db.update | Platform: Unspecified
Cpu: Unspecified |
-----------------------------------------------------------------------------+
Comment(by mlennert):
I can't reproduce this bug. I've tried with different SQL texts and they
all are just put into the text field in the attribute table.
Maris, can you still confirm this bug ?
--
Ticket URL: <http://trac.osgeo.org/grass/ticket/2252#comment:4>
GRASS GIS <http://grass.osgeo.org>
More information about the grass-dev
mailing list