Showing content from https://github.com/django/django/commit/0bd57a879a0d54920bb9038a732645fb917040e9 below:

[3.1.x] Fixed CVE-2021-35042 -- Prevented SQL injection in QuerySet.o… · django/django@0bd57a8 · GitHub

30 30

from django.db.models.query_utils import (

31 31

Q, check_rel_lookup_compatibility, refs_expression,

32 32

)

33 -

from django.db.models.sql.constants import INNER, LOUTER, ORDER_DIR, SINGLE

33 +

from django.db.models.sql.constants import (

34 +

INNER, LOUTER, ORDER_DIR, ORDER_PATTERN, SINGLE,

35 +

)

34 36

from django.db.models.sql.datastructures import (

35 37

BaseTable, Empty, Join, MultiJoin,

36 38

)
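
Review bot: The import of ORDER_PATTERN from django.db.models.sql.constants is the only change in this hunk, but the definition of that pattern is not part of the visible diff, and the check added in add_ordering() depends entirely on what it accepts. Please add a comment beside the definition stating which characters it allows and whether and how it is anchored, so that later edits to the constant are recognised as changes to an input-validation boundary for order_by().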

@@ -1897,7 +1899,7 @@ def add_ordering(self, *ordering):

1897 1899

errors = []

1898 1900

for item in ordering:

1899 1901

if isinstance(item, str):

1900 -

if '.' in item:

1902 +

if '.' in item and ORDER_PATTERN.match(item):

1901 1903

warnings.warn(

1902 1904

'Passing column raw column aliases to order_by() is '

1903 1905

'deprecated. Wrap %r in a RawSQL expression before '
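
Review bot: In the changed condition `if '.' in item and ORDER_PATTERN.match(item):`, match() anchors only at the start of the string, so the check is only as strict as the pattern's own end anchor. Either use ORDER_PATTERN.fullmatch(item) or confirm that the pattern ends with an explicit end-of-string anchor (note that `$` also matches just before a trailing newline). A dotted item that fails the pattern now skips this deprecated branch and falls through to whatever follows outside this hunk, so please add a regression test asserting that such an item raises an error and never reaches the generated SQL.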

