Closed grahamhoyes closed 8 months ago
Got this running in a few environments, everything seems to be working as expected. @lmangani if there's any other testing you'd like to see let me know, otherwise this should be good for you to review.
Thanks @grahamhoyes the change is under review and we'll have an update soon! We appreciate your contribution!
@adubovikov please review whenever possible 👍
Apologies if there's a proper process I'm missing, but would it be possible to make a release that contains this @adubovikov? 1.4.59 was made just before this was merged.
Thanks!
Fixes #537
Adds escaping for identifiers (table names, users, etc) using `pq.QuoteIdentifier`, and for literals using `pq.QuoteLiteral`. This allows usernames with characters like `-` and `@`, passwords with `'`, and resolves a SQL injection vulnerability.
Updates `github.com/lib/pq` to the latest version. It needed to be upgraded to at least v1.2.0, which added the `QuoteLiteral` function.
Verification done thus far:
`-` and `@` in the username)
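The quoting described in this pull request, as an added example that is not the PR's own code: `quoteIdentifier` and `quoteLiteral` are local stand-ins that follow the escaping rules of `pq.QuoteIdentifier` and `pq.QuoteLiteral` so the block runs without the dependency (real code would call the `pq` functions). The `CREATE USER` statement shape and the sample inputs are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// quoteIdentifier: stand-in for pq.QuoteIdentifier. Cuts the name at the
// first NUL byte, doubles embedded double quotes, and wraps it in "...".
func quoteIdentifier(name string) string {
	if i := strings.IndexByte(name, 0); i >= 0 {
		name = name[:i]
	}
	return `"` + strings.ReplaceAll(name, `"`, `""`) + `"`
}

// quoteLiteral: stand-in for pq.QuoteLiteral. Doubles single quotes; when a
// backslash is present it doubles it too and switches to the E'...' form.
func quoteLiteral(s string) string {
	s = strings.ReplaceAll(s, `'`, `''`)
	if strings.Contains(s, `\`) {
		return ` E'` + strings.ReplaceAll(s, `\`, `\\`) + `'`
	}
	return `'` + s + `'`
}

// unsafeCreateUser shows the unescaped pattern: raw input is concatenated,
// so a quote in the password ends the literal early.
func unsafeCreateUser(user, password string) string {
	return "CREATE USER " + user + " WITH PASSWORD '" + password + "'"
}

// safeCreateUser quotes the identifier and the literal before concatenation.
// Hypothetical statement shape, not taken from the project.
func safeCreateUser(user, password string) string {
	return "CREATE USER " + quoteIdentifier(user) + " WITH PASSWORD " + quoteLiteral(password)
}

func main() {
	// Constructed sample inputs using the characters the PR mentions.
	user, password := "svc-user@example.org", "it's"
	fmt.Println("unescaped:", unsafeCreateUser(user, password))
	fmt.Println("escaped:  ", safeCreateUser(user, password))
}
```

The unescaped statement leaves `-` and `@` outside any quoting and closes the password literal at the embedded `'`, while the escaped one keeps both values inside a single identifier and a single literal.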