l.471 Still severe bug and injection potential
Try: filename = "sql%' OR '1' = '1' OR '%injection"
CMIS must provide a code escape function, otherwise use OpenERP's. It is important that you don't do this manually.
https://en.wikipedia.org/wiki/Sql_injection
There are also no unittests. The previous example would be a good thing to test.
« Back to merge proposal
l.471 Still severe bug and injection potential
Try:
filename = "sql%' OR '1' = '1' OR '%injection"
CMIS must provide a code escape function, otherwise use OpenERP's. It is important that you don't do this manually.
https:/ /en.wikipedia. org/wiki/ Sql_injection
There are also no unittests. The previous example would be a good thing to test.