Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL.

Mariusz Felisiak 2022-04-01 13:48:47 +02:00
parent 93cae5cb2f
commit 6723a26e59
7 changed files with 85 additions and 11 deletions


@ -54,7 +54,6 @@ class DatabaseFeatures(BaseDatabaseFeatures):
only_supports_unbounded_with_preceding_and_following = True
supports_aggregate_filter_clause = True
supported_explain_formats = {"JSON", "TEXT", "XML", "YAML"}
validates_explain_options = False # A query will error on invalid options.
supports_deferrable_unique_constraints = True
has_json_operators = True
json_key_contains_list_matching_requires_list = True