packages/python-PyMySQL
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
python-PyMySQL/CVE-2024-36039.patch
yinyongkang d3b83e6510 Fix CVE-2024-36039 
(cherry picked from commit 4fc6700836e1eeb14a1f4c7455a3e83bee2239fb)
2024-05-24 10:32:55 +08:00

30 lines
792 B
Diff
Raw Blame History

From 521e40050cb386a499f68f483fefd144c493053c Mon Sep 17 00:00:00 2001
From: Inada Naoki <songofacandy@gmail.com>
Date: Sat, 18 May 2024 11:33:30 +0900
Subject: [PATCH] forbid dict parameter
---
pymysql/converters.py | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/pymysql/converters.py b/pymysql/converters.py
index 1adac75..dbf97ca 100644
--- a/pymysql/converters.py
+++ b/pymysql/converters.py
@@ -27,11 +27,7 @@ def escape_item(val, charset, mapping=None):
def escape_dict(val, charset, mapping=None):
- n = {}
- for k, v in val.items():
- quoted = escape_item(v, charset, mapping)
- n[k] = quoted
- return n
+ raise TypeError("dict can not be used as parameter")
def escape_sequence(val, charset, mapping=None):
--
2.41.0
Reference in New Issue View Git Blame Copy Permalink