git.openstreetmap.org Git - nominatim.git/commit

]> git.openstreetmap.org Git - nominatim.git/commit

author	Sarah Hoffmann <lonvia@denofr.de>
	Sat, 2 May 2020 19:54:14 +0000 (21:54 +0200)
committer	Sarah Hoffmann <lonvia@denofr.de>
	Sat, 2 May 2020 19:54:14 +0000 (21:54 +0200)
commit	f94828c3f4ffa375943171aa921e3c5bc095d4f4
tree	46eb4810dce6200772e2ab468514a6ec3a04014a	tree \| snapshot
parent	0e1e7c7df20940a95ac3ae5e88c8537539cd6945	commit \| diff

properly escape class parameter

The class parameter was used as is, allowing for potential
SQL injection via the API.

Thanks to @bladeswords for finding this.

website/details.php

diff | blob | history

Open Source search based on OpenStreetMap data

RSS Atom