[Qgis-developer] SQL Injection vulnerability

Thu Mar 6 10:17:50 PST 2014

2014-03-06 19:09 GMT+01:00 Gino Pirelli <luipir at gmail.com>:

> Hi alessandro
>
> this is inside provider... I suppose that qgis server uses provider as
> Desktop
>
>

Yes, but it does some sanity checks.

https://github.com/qgis/QGIS/blob/master/src/mapserver/qgswmsserver.cpp#L1975

-- 
Alessandro Pasotti
w3:   www.itopen.it
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-developer/attachments/20140306/f5a4d7a2/attachment.html>