Matrix-Mirrors/anonymousland-synapse
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse.git synced 2025-06-18 06:29:18 -04:00
Code Issues Projects Releases Packages Wiki Activity

Use true/false for boolean parameter inclusive to avoid potential for sqli, and possibly make the code clearer

Browse source
This commit is contained in:
Mark Haines 2016-07-05 10:39:13 +01:00
parent 0fb76c71ac
commit d44d11d864
2 changed files with 7 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
synapse/storage/event_push_actions.py
View file

@ -86,7 +86,7 @@ class EventPushActionsStore(SQLBaseStore):
" user_id = ?"
" AND room_id = ?"
" AND %s"
) % (lower_bound(token, self.database_engine, inclusive=""),)
) % (lower_bound(token, self.database_engine, inclusive=False),)
txn.execute(sql, (user_id, room_id))
row = txn.fetchone()