We always welcome PRs for open issues. This sounds as if there is a general potential for SQL injection in the layer names that we should be protecting against,
Ian On Wed, 14 Jun 2023 at 10:09, Mike Bryant via GeoTools-Devel < geotools-devel@lists.sourceforge.net> wrote: > Dear all, > > https://osgeo-org.atlassian.net/browse/GEOT-6266 > > I've recently run into GEOT-6266 attempting to use the GeoPackage export > plugin with GeoServer 2.23.1, since some of our layer names contain > hyphens. > > Looking at the relevant code in GeoPackage.java this could be resolved > by quoting the table name in a few SQLite queries, and I'm happy to > submit PRs for this if that would be welcome. However, perhaps there are > other considerations here I'm not aware of? I guess there's the larger > issue of compatibility and best-practices for layer naming but I'm not > sure where that is supposed to be enforced. > > Many thanks, > Mike > > > > _______________________________________________ > GeoTools-Devel mailing list > GeoTools-Devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geotools-devel > -- Ian Turton
_______________________________________________ GeoTools-Devel mailing list GeoTools-Devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geotools-devel
