git.openstreetmap.org Git - nominatim.git/commit

]> git.openstreetmap.org Git - nominatim.git/commit

author	Sarah Hoffmann <lonvia@denofr.de>
	Sat, 2 May 2020 21:01:27 +0000 (23:01 +0200)
committer	Sarah Hoffmann <lonvia@denofr.de>
	Sat, 2 May 2020 21:01:27 +0000 (23:01 +0200)
commit	f549379e318d300e1d7188acdcc16d731b245bf7
tree	d8edb245c8a91f792d017cff20d184c093e5c954	tree \| snapshot
parent	627a487fcfd325f8a340f10298a961d15d2760b6	commit \| diff

properly escape class parameter

The class parameter was used as is, allowing for potential
SQL injection via the API.

Thanks to @bladeswords for finding this.

website/details.php

diff | blob | history

Open Source search based on OpenStreetMap data

RSS Atom