New filter syntax:

    tables:
      customer:
        where: 'email like "%@test.org" or created_at > date_sub(now(), interval 55 day)'

A query validator makes sure that the query does not include any dangerous statement (execute, drop, alter...).

The PR deprecates the filters param.
This param is restrictive, and it already allows injecting raw SQL in some way (with the expr: syntax), so it's barely more secure than a plain where.
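
A sketch of the kind of check the query validator described above could perform on a `where` value, added here as an example; it is not the project's own validator. The function name `validate_where`, the token rules and every keyword beyond execute, drop and alter are assumptions.

```python
import re

# Assumed denylist: the page names execute, drop and alter; the rest are illustrative.
FORBIDDEN = {"execute", "drop", "alter", "insert", "update", "delete",
             "truncate", "create", "grant", "revoke"}

# One token per match: quoted string, backtick identifier, comment opener,
# statement separator, or bare word. Strings are matched first so that
# keywords appearing inside a literal are not reported.
TOKEN = re.compile(r"""
    (?P<string>'(?:[^'\\]|\\.|'')*'|"(?:[^"\\]|\\.|"")*")
  | (?P<ident>`[^`]*`)
  | (?P<comment>--|\#|/\*)
  | (?P<semi>;)
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)
""", re.VERBOSE)

# The where clause shown on the page.
PAGE_SAMPLE = ('email like "%@test.org" or '
               'created_at > date_sub(now(), interval 55 day)')


def validate_where(clause: str) -> list[str]:
    """Return the reasons a clause is rejected; an empty list means accepted."""
    problems = []
    for m in TOKEN.finditer(clause):
        kind, text = m.lastgroup, m.group()
        if kind == "comment":
            problems.append(f"comment marker {text!r} at offset {m.start()}")
        elif kind == "semi":
            problems.append(f"statement separator at offset {m.start()}")
        elif kind == "word" and text.lower() in FORBIDDEN:
            problems.append(f"forbidden keyword {text!r} at offset {m.start()}")
    # Any quote character left after removing well-formed literals is unbalanced.
    leftover = TOKEN.sub(
        lambda m: "" if m.lastgroup in ("string", "ident") else m.group(), clause)
    if any(q in leftover for q in "'\"`"):
        problems.append("unbalanced quote")
    return problems


if __name__ == "__main__":
    # Constructed inputs: the page's clause, then ones that exercise each rule.
    for clause in (PAGE_SAMPLE, "updated_at is not null",
                   "name = 'drop; -- alter'", "1=1; DROP TABLE customer"):
        print(f"{clause!r}: {validate_where(clause) or 'accepted'}")
```

Matching whole tokens rather than substrings keeps a column such as `updated_at` from being rejected. A keyword denylist of this kind catches configuration mistakes, but the `where` value is still raw SQL, so the configuration file has to be treated as trusted input.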