Red Hat Bugzilla – Bug 1248435
gom: should guard against special characters in identifiers
Last modified: 2016-05-18 09:45:34 EDT
Currently, gom does not protect its SQL generation logic against special characters in identifiers. Characters such as '! should be rejected to prevent any risk of SQL injection. There are some places which do not seem to be able to cope with spaces in identifiers because the identifiers are not quoted at all.
In the upstream bug, we double-checked that all the column names are sanitised "for free", by going through GParamSpec. The only feature that didn't use it was GomSorting, during the 0.3.2 development cycle.
Closing as this isn't actually a bug.
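An added example, not gom's code and not taken from the bug report: a check that accepts only names following GLib's property-naming rule (the rule GParamSpec names obey), together with standard SQL double-quote identifier quoting. The helper names `ident_is_valid` and `ident_quote` and the sample column names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers, not part of gom or GLib. */
static int is_alpha(char c) { return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'); }
static int is_digit(char c) { return c >= '0' && c <= '9'; }

/* 1 if name follows the GLib property-name rule: first character an ASCII
 * letter, the rest ASCII letters, digits, '-' or '_'. 0 otherwise. */
int ident_is_valid(const char *name)
{
    if (name == NULL || !is_alpha(name[0]))
        return 0;
    for (const char *p = name + 1; *p != '\0'; p++)
        if (!is_alpha(*p) && !is_digit(*p) && *p != '-' && *p != '_')
            return 0;
    return 1;
}

/* Writes name as a double-quoted SQL identifier, doubling any embedded '"'.
 * Returns 0 on success, -1 if out is too small (out is then unusable). */
int ident_quote(const char *name, char *out, size_t outlen)
{
    size_t o = 0;
    if (name == NULL || out == NULL || outlen < 3)
        return -1;
    out[o++] = '"';
    for (const char *p = name; *p != '\0'; p++) {
        size_t need = (*p == '"') ? 2 : 1;
        if (o + need + 2 > outlen)      /* leave room for closing '"' and NUL */
            return -1;
        if (*p == '"')
            out[o++] = '"';
        out[o++] = *p;
    }
    out[o++] = '"';
    out[o] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample column names. */
    const char *names[] = { "first-name", "my column", "na\"me", "9lives" };
    char buf[64];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        if (ident_quote(names[i], buf, sizeof buf) == 0)
            printf("%-12s valid=%d quoted=%s\n", names[i], ident_is_valid(names[i]), buf);
    return 0;
}
```

A name such as `first-name` passes the naming rule yet still needs quoting before it is placed in a statement, because an unquoted hyphen parses as subtraction.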