- Issue created by @emircanerkul
- Open in Jenkins β Open on Drupal.org βCore: 9.5.x + Environment: PHP 8.0 & MySQL 5.7 (--ignore-platform-reqs)last update
8 months ago 79 pass - @emircanerkul opened merge request.
- Issue was unassigned.
- Status changed to Needs review
8 months ago 7:59am 25 October 2023 - Open in Jenkins β Open on Drupal.org βCore: 9.5.x + Environment: PHP 8.0 & MySQL 5.7 (--ignore-platform-reqs)last update
8 months ago 79 pass - Status changed to Closed: won't fix
7 months ago 3:41pm 30 November 2023 - πΊπΈUnited States AaronBauman Philadelphia
The idea behind the API client is to be a very thin wrapper, not a sanitization layer.
These changes to SelectQuery in particular will break existing implementations that rely on being able to build queries with raw inputs.It's the responsibility of the callers to sanitize input, and properly specify arguments.
I can't think of a reason why we'd want to support non-url characters for things like Salesforce IDs or table names.