qzaidi / quran

node, websql and javascript API for Holy Quran
qzaidi.github.io/quran/
Creative Commons Attribution 4.0 International
123 stars 36 forks

sqlite injection attack #12

Closed qzaidi closed 5 years ago

qzaidi commented 5 years ago

The way multiple languages are supported currently leads to possible SQL injection. In building the query string with join, this needs to be fixed.

qzaidi commented 5 years ago

fixed in 25e38228a8d6b4441ea0bf65efe767e7863ce804
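
An illustration of the issue described in this thread, added here and not taken from the project's code or from the fix commit: language names joined into the SQL text, next to a builder that checks each name against an allowlist and binds the chapter as a parameter. The table and column names (`ayah`, `chapter`, `verse`, `text`), the language list and both function names are assumptions made for the example.

```javascript
// Added example; schema and names are hypothetical, not the project's own.
const KNOWN_LANGUAGES = new Set(['ar', 'en', 'ur']); // assumed translation tables

// Vulnerable shape: caller-supplied language names are joined into the SQL text.
function buildQueryUnsafe(languages) {
  const cols = languages.map((l) => `${l}.text AS ${l}`).join(', ');
  const joins = languages
    .map((l) => `JOIN ${l} ON ${l}.chapter = a.chapter AND ${l}.verse = a.verse`)
    .join(' ');
  return `SELECT a.chapter, a.verse, ${cols} FROM ayah a ${joins} WHERE a.chapter = ?`;
}

// Hardened shape: identifiers cannot be bound as parameters, so every name must
// match the allowlist exactly; the chapter value stays a bound parameter.
function buildQuerySafe(languages, chapter) {
  if (!Array.isArray(languages) || languages.length === 0) {
    throw new TypeError('languages must be a non-empty array');
  }
  const unique = [...new Set(languages)]; // a table joined twice would clash
  for (const l of unique) {
    if (typeof l !== 'string' || !KNOWN_LANGUAGES.has(l)) {
      throw new RangeError(`unsupported language: ${JSON.stringify(l)}`);
    }
  }
  if (!Number.isInteger(chapter) || chapter < 1 || chapter > 114) {
    throw new RangeError('chapter must be an integer from 1 to 114');
  }
  const cols = unique.map((l) => `"${l}".text AS "${l}"`).join(', ');
  const joins = unique
    .map((l) => `JOIN "${l}" ON "${l}".chapter = a.chapter AND "${l}".verse = a.verse`)
    .join(' ');
  return {
    sql: `SELECT a.chapter, a.verse, ${cols} FROM ayah a ${joins} WHERE a.chapter = ?`,
    params: [chapter],
  };
}

// Constructed input: a "language" value that is not a plain table name.
const constructedInput = 'en; --';
console.log(buildQueryUnsafe([constructedInput])); // value lands in the SQL text
try {
  buildQuerySafe([constructedInput], 1);
} catch (err) {
  console.log(`${err.name}: ${err.message}`); // rejected before any SQL is built
}
console.log(buildQuerySafe(['en', 'ur'], 2));
```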