packages/python-PyMySQL
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
python-PyMySQL/CVE-2024-36039.patch
wk333 c59b48d363 Fix CVE-2024-36039 
(cherry picked from commit 1cfe31ba26fd922e0d9b586132ddc5c349458929)
2024-05-24 10:34:13 +08:00

29 lines
896 B
Diff
Raw Permalink Blame History

From 521e40050cb386a499f68f483fefd144c493053c Mon Sep 17 00:00:00 2001
From: Inada Naoki <songofacandy@gmail.com>
Date: Sat, 18 May 2024 11:33:30 +0900
Subject: [PATCH] forbid dict parameter
Origin: https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c
---
pymysql/converters.py | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/pymysql/converters.py b/pymysql/converters.py
index 1adac752..dbf97ca7 100644
--- a/pymysql/converters.py
+++ b/pymysql/converters.py
@@ -28,11 +28,7 @@ def escape_item(val, charset, mapping=None):
return val
def escape_dict(val, charset, mapping=None):
- n = {}
- for k, v in val.items():
- quoted = escape_item(v, charset, mapping)
- n[k] = quoted
- return n
+ raise TypeError("dict can not be used as parameter")
def escape_sequence(val, charset, mapping=None):
n = []
Reference in New Issue View Git Blame Copy Permalink