Matthew Good wrote:
Starting with Trac 0.9.4, reports use parameterized queries for
substituting the report variables instead of inserting them directly
into the SQL. This led to the discovery of problems like the one
reported in http://projects.edgewall.com/trac/ticket/2773
.....
Hi,
I'm no expert but option three seems like the best in the long run.
Would that be the best place to implement security checks on the report
query too?
Cheers,
Felix
_______________________________________________
Trac-dev mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac-dev