While working on a fix for #3516 in #3547, the case of EnumStringType.ObjectToSQLString appeared to be invalid on another level.
nhibernate-core/src/NHibernate/Type/EnumStringType.cs
Lines 192 to 195 in e8028fb
That type stores enum values as strings in the database. But its method for obtaining SQL-compatible literal values just yields the enum value name (or the string representation of the underlying type value if not named) as is, not as a SQL string literal.
So, using that type for the few features relying on ObjectToSQLString is very likely to fail. (So, using it as a discriminator, or in a query referencing a static field.)
But it does not allow a practical SQL injection since it is limited to injecting a single word having .NET identifier naming constraints. So, I will not fix this in #3547 but I open an issue instead.
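The failure mode described in this issue, reproduced as an added Python/SQLite example (not NHibernate code and not part of the original issue). raw_literal is a stand-in for the described behaviour; the Status enum, the shipment table and all function names are constructed for illustration, and SQLite is an assumed backend.

```python
import sqlite3
from enum import Enum


class Status(Enum):  # constructed sample enum, persisted by member name
    Pending = 1
    Delivered = 2


def raw_literal(value: Enum) -> str:
    """Stand-in for the behaviour the issue describes: the bare name."""
    return value.name


def quoted_literal(value: Enum) -> str:
    """The name as a SQL string literal, embedded single quotes doubled."""
    return "'" + value.name.replace("'", "''") + "'"


def make_db() -> sqlite3.Connection:
    """Constructed schema: status holds the enum name as text."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE shipment (id INTEGER, status TEXT, delivered TEXT)")
    db.executemany(
        "INSERT INTO shipment VALUES (?, ?, ?)",
        [(1, "Pending", None), (2, "Delivered", "2024-05-01")],
    )
    return db


def ids_with_status(db, literal: str):
    """Inline the literal into the SQL text, as a discriminator clause would."""
    sql = f"SELECT id FROM shipment WHERE status = {literal} ORDER BY id"
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.OperationalError as exc:
        return f"error: {exc}"


if __name__ == "__main__":
    db = make_db()
    for status in Status:
        for render in (raw_literal, quoted_literal):
            print(status.name, render.__name__, ids_with_status(db, render(status)))
```

The bare word is parsed as an identifier: Pending raises an unknown-column error, while Delivered happens to match the delivered column in this constructed schema and the query silently returns no rows.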