git.openstreetmap.org Git - nominatim.git/commit

]> git.openstreetmap.org Git - nominatim.git/commit

author	Sarah Hoffmann <lonvia@denofr.de>
	Sat, 2 May 2020 19:54:14 +0000 (21:54 +0200)
committer	Sarah Hoffmann <lonvia@denofr.de>
	Sat, 2 May 2020 20:17:35 +0000 (22:17 +0200)
commit	ae85ceca1e6c579db0f922077cd36c91261e2874
tree	f617354aad6e82fe9e88c0ffd33851c1320fb60f	tree \| snapshot
parent	ec86a972a241754b66be0a31e73ca7ca27bc51de	commit \| diff

properly escape class parameter

The class parameter was used as is, allowing for potential
SQL injection via the API.

Thanks to @bladeswords for finding this.

website/details.php

diff | blob | history

Open Source search based on OpenStreetMap data

RSS Atom