Showing content from https://github.com/django/django/commit/a34a5f724c5d5adb2109374ba3989ebb7b11f81f below:

[3.2.x] Fixed CVE-2021-35042 -- Prevented SQL injection in QuerySet.o… · django/django@a34a5f7 · GitHub

30 30

from django.db.models.query_utils import (

31 31

Q, check_rel_lookup_compatibility, refs_expression,

32 32

)

33 -

from django.db.models.sql.constants import INNER, LOUTER, ORDER_DIR, SINGLE

33 +

from django.db.models.sql.constants import (

34 +

INNER, LOUTER, ORDER_DIR, ORDER_PATTERN, SINGLE,

35 +

)

34 36

from django.db.models.sql.datastructures import (

35 37

BaseTable, Empty, Join, MultiJoin,

36 38

)
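Review bot: ORDER_PATTERN, newly imported in this hunk from django.db.models.sql.constants, now serves as the validator for strings passed to order_by(), but its definition is not part of the visible diff. A comment at the definition saying that the pattern is a security boundary for user-supplied ordering would help ensure that any later loosening of it is reviewed as a security change rather than a cosmetic one.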

@@ -1969,7 +1971,7 @@ def add_ordering(self, *ordering):

1969 1971

errors = []

1970 1972

for item in ordering:

1971 1973

if isinstance(item, str):

1972 -

if '.' in item:

1974 +

if '.' in item and ORDER_PATTERN.match(item):

1973 1975

warnings.warn(

1974 1976

'Passing column raw column aliases to order_by() is '

1975 1977

'deprecated. Wrap %r in a RawSQL expression before '
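Review bot: In add_ordering(), the new guard `if '.' in item and ORDER_PATTERN.match(item):` relies on re.match semantics, which anchor only at the start of the string, so whether a dotted item followed by extra SQL is rejected depends entirely on ORDER_PATTERN carrying its own end anchor, and that definition is not shown here. Calling ORDER_PATTERN.fullmatch(item) would keep the check strict regardless of how the constant is written, and would also reject a trailing newline that a `$` anchor lets through. Separately, a dotted item that fails the pattern now skips this branch and falls through to the checks later in the loop, which are outside the visible context; a regression test asserting that such input raises an error instead of reaching the SQL compiler would pin that behaviour down.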

