Added in #214, the change to migratus.database/migration-table-name attempted to prevent SQL injections. However, the change was both over-broad (as most SQL engines allow for qualified or quoted identifiers) and not the correct place to guard against such attacks (as anyone running a migration could just write malicious SQL directly in a new migration file).
The change is reverted to its previous implementation.
Added in #214, the change to
migratus.database/migration-table-nameattempted to prevent SQL injections. However, the change was both over-broad (as most SQL engines allow for qualified or quoted identifiers) and not the correct place to guard against such attacks (as anyone running a migration could just write malicious SQL directly in a new migration file).The change is reverted to its previous implementation.
Fixes #230