53b323640f
In order to prevent SQL injections and , reveal information about the database tables avoid passing MySQL functions as GQL sorting parameters, I refactored the FormatSQL() function. Additionally, the old approach with using regex to filter the orderBy parameter was not effective and prevented using column.table annotations. |
||
---|---|---|
.. | ||
album.go | ||
generated.go | ||
media.go | ||
media_exif.go | ||
share_token.go | ||
site_info.go | ||
user.go | ||
utils.go | ||
video_metadata.go |