git.ipfire.org Git - thirdparty/patchwork.git/commit

]> git.ipfire.org Git - thirdparty/patchwork.git/commit

projects / thirdparty / patchwork.git / commit

author	Daniel Axtens <dja@axtens.net>
	Mon, 29 Jan 2018 15:37:51 +0000 (02:37 +1100)
committer	Daniel Axtens <dja@axtens.net>
	Tue, 30 Jan 2018 15:35:35 +0000 (02:35 +1100)
commit	846f825f2bc3f854ff359db46b8d78ee1dbfc2f8
tree	58e5842fabec0e1b8f0ed2af60ede35a790623fd	tree \| snapshot
parent	77ae4221d59a335ed17ec3e5dde9382a3ba7b7fb	commit \| diff

views/user: string interpolation in raw SQL is safe here

There's a FIXME asking for some generated SQL that uses string
interpolation to be investigated.

I investigated.

It's safe - it only interpolates table/column names, not
user-controlled data.

Replace the FIXME with an explanatory statement.

Signed-off-by: Daniel Axtens <dja@axtens.net>

patchwork/views/user.py

diff | blob | blame | history

Mirror of https://github.com/getpatchwork/patchwork.git

RSS Atom