Merge pull request #77 from lomereiter/fix_sql

SQL security fixes
author: zsloan 2015-06-29 10:37:20 -0500
committer: zsloan 2015-06-29 10:37:20 -0500
commit: b8152f98f0d9c2a1ec0d73145a4670153b60a307 (patch)
tree: f2e419a375b87a361c9288a9defd7bb46fade4b2 /wqflask/wqflask
parent: 1353414114b9595a1b207ae4da28e5e725edc550 (diff)
parent: a41f9323ea5b86be6d2139a927586630b222af68 (diff)
download: genenetwork2-b8152f98f0d9c2a1ec0d73145a4670153b60a307.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/wqflask/wqflask/docs.py b/wqflask/wqflask/docs.py
index 07b0b81a..a8363a1f 100755
--- a/wqflask/wqflask/docs.py
+++ b/wqflask/wqflask/docs.py
@@ -8,9 +8,9 @@ class Docs(object):
         sql = """
             SELECT Docs.title, Docs.content
             FROM Docs
-            WHERE Docs.entry LIKE '%s'
+            WHERE Docs.entry LIKE %s
             """
-        result = g.db.execute(sql % (entry)).fetchone()
+        result = g.db.execute(sql, str(entry)).fetchone()
         self.entry = entry
         self.title = result[0]
         self.content = result[1]
author	zsloan	2015-06-29 10:37:20 -0500
committer	zsloan	2015-06-29 10:37:20 -0500
commit	b8152f98f0d9c2a1ec0d73145a4670153b60a307 (patch)
tree	f2e419a375b87a361c9288a9defd7bb46fade4b2 /wqflask/wqflask
parent	1353414114b9595a1b207ae4da28e5e725edc550 (diff)
parent	a41f9323ea5b86be6d2139a927586630b222af68 (diff)
download	genenetwork2-b8152f98f0d9c2a1ec0d73145a4670153b60a307.tar.gz