Unary operators does not escape non-Expression
This can be used to inject SQL.
For example:
>>> str(And([Literal(True), 'foo']))
'(%s AND foo)'
should be
>>> str(And([Literal(True), 'foo']))
'(%s AND %s)'
added type::behavior label
assigned to @ced
mentioned in commit f20551bbb8b3
mentioned in merge request !26 (merged)
changed title from Unaray operators does not escape non-Expression to Unary operators does not escape non-Expression
closed with merge request !26 (merged)
made the issue visible to everyone
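The reported and expected renderings side by side, as an added example that is not part of the original issue and is not the project's own code. It is a simplified model of operator rendering; `UnsafeAnd`, `SafeAnd`, `render` and `inlined` are hypothetical names, and the `untrusted` value is constructed.

```python
class Expression:
    """Base for nodes that render to SQL text plus bound parameters."""
    params = ()

class Literal(Expression):
    """A value sent to the driver as a bound parameter, never as SQL text."""
    def __init__(self, value):
        self.value = value
    def __str__(self):
        return '%s'
    @property
    def params(self):
        return (self.value,)

class UnsafeAnd(Expression):
    """Reported behaviour: a non-Expression operand is pasted into the SQL."""
    def __init__(self, operands):
        self.operands = list(operands)
    def __str__(self):
        return '(' + ' AND '.join(str(o) for o in self.operands) + ')'
    @property
    def params(self):
        # Only Expression operands contribute parameters; raw ones are lost.
        return tuple(p for o in self.operands
                     if isinstance(o, Expression) for p in o.params)

class SafeAnd(UnsafeAnd):
    """Expected behaviour: raw operands are wrapped so they become parameters."""
    def __init__(self, operands):
        super().__init__(o if isinstance(o, Expression) else Literal(o)
                         for o in operands)

def render(node):
    """Return (sql, params) as they would be handed to cursor.execute()."""
    return str(node), node.params

def inlined(node, value):
    """Regression check: does an untrusted value appear in the SQL text itself?"""
    sql, _ = render(node)
    return str(value) in sql

if __name__ == '__main__':
    untrusted = 'foo OR bar'  # constructed input containing SQL syntax
    for cls in (UnsafeAnd, SafeAnd):
        node = cls([Literal(True), untrusted])
        print(cls.__name__, render(node), 'inlined:', inlined(node, untrusted))
```

A check like `inlined` fits in a regression test: any operand value that shows up in the rendered SQL string rather than in the parameter tuple reached the query as code.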