Refs CVE-2022-34265 -- Properly escaped Extract() and Trunc() parameters.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2025-10-23 21:59:11 +00:00 · 2022-06-19 23:46:22 -04:00
parent 73766c1187
commit 877c800f25
10 changed files with 263 additions and 220 deletions
--- a/tests/custom_lookups/tests.py
+++ b/tests/custom_lookups/tests.py
@@ -75,7 +75,7 @@ class YearTransform(models.Transform):

    def as_sql(self, compiler, connection):
        lhs_sql, params = compiler.compile(self.lhs)
-        return connection.ops.date_extract_sql("year", lhs_sql), params
+        return connection.ops.date_extract_sql("year", lhs_sql, params)

    @property
    def output_field(self):