hans/Nominatim
1
0
Fork 1
mirror of https://github.com/osm-search/Nominatim.git synced 2026-02-14 01:47:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3966 from remo-lab/fix/sql-injection-truncate

Browse Source 
Fix SQL injection in truncate_data_tables
This commit is contained in:
Sarah Hoffmann
2026-02-05 14:44:55 +01:00
committed by GitHub
parent 8188689765 ae7301921a
commit b2f868d2fc
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/nominatim_db/tools/database_import.py
View File

@@ -195,7 +195,7 @@ def truncate_data_tables(conn: Connection) -> None:
WHERE tablename LIKE 'location_road_%'""")
for table in [r[0] for r in list(cur)]:
cur.execute('TRUNCATE ' + table)
cur.execute(pysql.SQL('TRUNCATE {}').format(pysql.Identifier(table)))
conn.commit()