diff options
| author | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2022-04-01 13:48:47 +0200 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2022-04-11 09:02:58 +0200 |
| commit | 00b0fc50e1738c7174c495464a5ef069408a4402 (patch) | |
| tree | cd5668d0ea1c96bbd62c5e922b0d1988c2287e90 /django/db/backends/postgresql/features.py | |
| parent | 800828887a0509ad1162d6d407e94d8de7eafc60 (diff) | |
[4.0.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL.
Backport of 6723a26e59b0b5429a0c5873941e01a2e1bdbb81 from main.
Diffstat (limited to 'django/db/backends/postgresql/features.py')
| -rw-r--r-- | django/db/backends/postgresql/features.py | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/django/db/backends/postgresql/features.py b/django/db/backends/postgresql/features.py index 61715f30d7..6dab8d73d5 100644 --- a/django/db/backends/postgresql/features.py +++ b/django/db/backends/postgresql/features.py @@ -54,7 +54,6 @@ class DatabaseFeatures(BaseDatabaseFeatures): only_supports_unbounded_with_preceding_and_following = True supports_aggregate_filter_clause = True supported_explain_formats = {"JSON", "TEXT", "XML", "YAML"} - validates_explain_options = False # A query will error on invalid options. supports_deferrable_unique_constraints = True has_json_operators = True json_key_contains_list_matching_requires_list = True |