bumblepie / haikubot

A discord bot that recognises haikus in user messages and saves them for later reference.
MIT License

SQL injection vulnerabilities #44

Closed bumblepie closed 5 years ago

bumblepie commented 5 years ago

Currently the SQL queries for the SQLite and MySQL-backed repositories are created via formatting strings, which leads to SQL injection vulnerabilities. As much as I would like to see a DROP TABLES haiku, changing these to prepared statements would make the system safer.

bumblepie commented 5 years ago

Fixed in second PR (ignore first PR, was going from master to dev instead of the other way)
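
The difference the issue describes, shown as an added example that is not part of the thread and not haikubot's own code: the same save and lookup written once with string formatting and once with bound parameters, using Python's `sqlite3` module. The `haikus` schema, the function names and the sample rows are assumptions constructed for the illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the bot's haiku store (schema is assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE haikus (id INTEGER PRIMARY KEY, server TEXT, author TEXT, text TEXT)")
    return db

def save_formatted(db, server, author, text):
    # Pattern described in the issue: values are spliced into the SQL text,
    # so a quote in the message changes the statement itself.
    db.execute(f"INSERT INTO haikus (server, author, text) VALUES ('{server}', '{author}', '{text}')")

def save_prepared(db, server, author, text):
    # Placeholders keep the statement fixed; values are bound as data.
    db.execute("INSERT INTO haikus (server, author, text) VALUES (?, ?, ?)", (server, author, text))

def find_formatted(db, server, author):
    sql = f"SELECT text FROM haikus WHERE server = '{server}' AND author = '{author}'"
    return [r[0] for r in db.execute(sql)]

def find_prepared(db, server, author):
    sql = "SELECT text FROM haikus WHERE server = ? AND author = ?"
    return [r[0] for r in db.execute(sql, (server, author))]

def demo():
    db = make_db()
    save_prepared(db, "guild-a", "alice", "old pond / a frog leaps in / water's sound")
    save_prepared(db, "guild-b", "bob", "private server / haiku kept for members / stays within its walls")
    # Constructed hostile author value: closes the string literal and widens the WHERE clause.
    hostile = "nobody' OR '1'='1"
    leaked = find_formatted(db, "guild-a", hostile)  # rows from every server come back
    safe = find_prepared(db, "guild-a", hostile)     # treated as a literal name: no rows
    # An ordinary apostrophe is enough to break the formatted INSERT.
    try:
        save_formatted(db, "guild-a", "alice", "water's sound")
        broke = False
    except sqlite3.OperationalError:
        broke = True
    return leaked, safe, broke
```

With bound parameters the apostrophe in "water's" is stored verbatim, so the fix also removes a correctness bug that ordinary messages would trigger.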