RAML Module Builder / RMB-537

f_unaccent single quote fullText tsquery sql injection


Details

    • CP: sprint 78, CP: sprint 79
    • 2
    • Core: Platform

    Description

      f_unaccent converts these other single quotes into the regular single quote:
      <code>
      '
      ʼn
      '



      </code>
      This causes SQL injection errors in the full-text tsquery; see BF-163 for an example.
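
The ordering problem described above, as an added example (not code from RMB or from this issue). It assumes the search term is quoted before the fold runs; `FOLD`, the function names and the sample term are constructed for illustration.

```python
# Added example. FOLD is a constructed stand-in for the database-side
# f_unaccent(); it holds only U+02BC, one of the characters shown in the issue.
FOLD = {"\u02bc": "'"}


def fold(text: str) -> str:
    """Simulate f_unaccent for the characters in FOLD."""
    return "".join(FOLD.get(ch, ch) for ch in text)


def quote_operand(term: str) -> str:
    """Quote one tsquery operand: double backslashes and single quotes."""
    return "'" + term.replace("\\", "\\\\").replace("'", "''") + "'"


def is_single_operand(tsq: str) -> bool:
    """True if tsq is exactly one quoted operand with no early closing quote."""
    if len(tsq) < 2 or tsq[0] != "'":
        return False
    i = 1
    while i < len(tsq):
        if tsq[i] == "\\":
            i += 2                        # escaped character
        elif tsq[i] == "'":
            if tsq[i + 1:i + 2] == "'":
                i += 2                    # doubled quote stays inside the operand
            else:
                return i == len(tsq) - 1  # closing quote must be the last char
        else:
            i += 1
    return False


def escape_then_fold(raw: str) -> str:
    """Assumed failing order: quote first, the fold runs afterwards."""
    return fold(quote_operand(raw))


def fold_then_escape(raw: str) -> str:
    """Corrected order: fold first, then quote what the parser will see."""
    return quote_operand(fold(raw))


if __name__ == "__main__":
    sample = "O\u02bcReilly"  # constructed input
    for build in (escape_then_fold, fold_then_escape):
        out = build(sample)
        print(f"{build.__name__}: {out} single_operand={is_single_operand(out)}")
```

Folding is idempotent, so a second fold in the database leaves the already-folded, already-quoted operand unchanged.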


              People

                julianladisch Julian Ladisch