#2252: wxGUI vector digitizer passing unescaped text to database
-------------------------+-------------------------------------------------
Reporter: marisn | Owner: grass-dev@…
Type: defect | Status: closed
Priority: critical | Milestone: 7.0.5
Component: wxGUI | Version: svn-trunk
Resolution: fixed | Keywords: security, code injection, SQL
CPU: | injection, data loss, v.db.update
Unspecified | Platform: Unspecified
-------------------------+-------------------------------------------------
Changes (by annakrat):
* status: new => closed
* resolution: => fixed
Comment:
Replying to [comment:16 marisn]:
> After backporting, this ticket should be closed, as original issue has
been solved. Parameter binding is a more complicated issue and thus should
be addressed in a separate bug.
--
Ticket URL: <https://trac.osgeo.org/grass/ticket/2252#comment:19>
GRASS GIS <https://grass.osgeo.org>