]> git.openstreetmap.org Git - nominatim.git/commitdiff
projects / nominatim.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from: f94828c)
properly escape class parameter
authorSarah Hoffmann <lonvia@denofr.de>
Sat, 2 May 2020 19:54:14 +0000 (21:54 +0200)
committerSarah Hoffmann <lonvia@denofr.de>
Sat, 2 May 2020 19:54:14 +0000 (21:54 +0200)
The class parameter was used as is, allowing for potential
SQL injection via the API.

Thanks to @bladeswords for finding this.


No differences found
Open Source search based on OpenStreetMap data