Commit 562d5258
authored
Jul 19, 2016
by
Sushant
Committed by
Mick Hansen
Jul 19, 2016
mysql case for GEOGRAPHY/GEOMETRY sql injection (#6306)
1 parent
88c04218
Showing
3 changed files
with
17 additions
and
5 deletions
lib/data-types.js
lib/dialects/postgres/data-types.js
test/integration/model/geometry.test.js
lib/data-types.js
...
@@ -900,8 +900,8 @@ var GEOMETRY = ABSTRACT.inherits(function(type, srid) {
...
@@ -900,8 +900,8 @@ var GEOMETRY = ABSTRACT.inherits(function(type, srid) {
GEOMETRY
.
prototype
.
key
=
GEOMETRY
.
key
=
'GEOMETRY'
;
GEOMETRY
.
prototype
.
key
=
GEOMETRY
.
key
=
'GEOMETRY'
;
GEOMETRY
.
prototype
.
escape
=
false
;
GEOMETRY
.
prototype
.
escape
=
false
;
GEOMETRY
.
prototype
.
$stringify
=
function
(
value
)
{
GEOMETRY
.
prototype
.
$stringify
=
function
(
value
,
options
)
{
return
'GeomFromText(
\''
+
Wkt
.
convert
(
value
)
+
'\
')'
;
return
'GeomFromText(
'
+
options
.
escape
(
Wkt
.
convert
(
value
))
+
')'
;
};
};
/**
/**
...
@@ -925,8 +925,8 @@ var GEOGRAPHY = ABSTRACT.inherits(function(type, srid) {
...
@@ -925,8 +925,8 @@ var GEOGRAPHY = ABSTRACT.inherits(function(type, srid) {
GEOGRAPHY
.
prototype
.
key
=
GEOGRAPHY
.
key
=
'GEOGRAPHY'
;
GEOGRAPHY
.
prototype
.
key
=
GEOGRAPHY
.
key
=
'GEOGRAPHY'
;
GEOGRAPHY
.
prototype
.
escape
=
false
;
GEOGRAPHY
.
prototype
.
escape
=
false
;
GEOGRAPHY
.
prototype
.
$stringify
=
function
(
value
)
{
GEOGRAPHY
.
prototype
.
$stringify
=
function
(
value
,
options
)
{
return
'GeomFromText(
\''
+
Wkt
.
convert
(
value
)
+
'\
')'
;
return
'GeomFromText(
'
+
options
.
escape
(
Wkt
.
convert
(
value
))
+
')'
;
};
};
Object
.
keys
(
helpers
).
forEach
(
function
(
helper
)
{
Object
.
keys
(
helpers
).
forEach
(
function
(
helper
)
{
...
...
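Review bot: The new `$stringify` body calls `options.escape` unconditionally, so any caller that still uses the old one-argument form `$stringify(value)` will throw a TypeError instead of producing SQL; no call sites are visible on this page, so either confirm that every caller now passes `options` or fail explicitly with `if (!options || typeof options.escape !== 'function') throw new Error('GEOMETRY.$stringify requires options.escape');`. The same applies to the GEOGRAPHY hunk at line 925 of this file. Because the old code wrapped the WKT in its own single quotes and the new code does not, the requirement that `options.escape` return a fully quoted SQL literal is now the only thing standing between the WKT text and the query, and it deserves a comment on the method, e.g. `// options.escape must return a quoted SQL literal; the surrounding quotes are intentionally no longer added here`. The unchanged `GEOMETRY.prototype.escape = false` context line suggests the generic escaping path skips this type, which would make this method the sole escaping point — worth confirming and stating in that comment.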
lib/dialects/postgres/data-types.js
...
@@ -293,7 +293,7 @@ module.exports = function (BaseTypes) {
...
@@ -293,7 +293,7 @@ module.exports = function (BaseTypes) {
array_oids
:
[]
array_oids
:
[]
};
};
GEOGRAPHY
.
parse
=
GEOGRAPHY
.
prototype
.
parse
=
function
(
value
,
options
)
{
GEOGRAPHY
.
parse
=
GEOGRAPHY
.
prototype
.
parse
=
function
(
value
)
{
var
b
=
new
Buffer
(
value
,
'hex'
);
var
b
=
new
Buffer
(
value
,
'hex'
);
return
wkx
.
Geometry
.
parse
(
b
).
toGeoJSON
();
return
wkx
.
Geometry
.
parse
(
b
).
toGeoJSON
();
};
};
...
...
test/integration/model/geometry.test.js
...
@@ -197,6 +197,18 @@ describe(Support.getTestDialectTeaser('Model'), function() {
...
@@ -197,6 +197,18 @@ describe(Support.getTestDialectTeaser('Model'), function() {
}
}
});
});
});
});
it
(
'should properly escape the single quotes on coordinates'
,
function
()
{
return
this
.
Model
.
create
({
location
:
{
type
:
"Point"
,
properties
:
{
exploit
:
"'); DELETE YOLO INJECTIONS; -- "
},
coordinates
:
[
39.807222
,
"'); DELETE YOLO INJECTIONS; -- "
]
}
});
});
});
});
}
}
});
});
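Review bot: The added test only checks that `this.Model.create(...)` settles without rejecting; it never reads the row back, so a regression that escapes incorrectly but still yields valid SQL (for example truncating or altering the coordinate text) would still pass. Chaining a lookup after the create and comparing the stored `location.coordinates` with the input, using whatever assertion helper this test file already uses, would pin the behaviour the test name promises. It is also unclear whether `properties.exploit` exercises anything, since only the coordinates appear to reach the WKT text; if that is the case, a one-line comment saying the property is there to prove it is ignored would help the next reader, and a sibling test with ordinary numeric coordinates would confirm the new escaping does not corrupt valid data. The enclosing `describe` block begins and ends outside this hunk.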