l.469,502: Queries are still not fully sanitized; any quotes or percent signs in the input will result in unexpected behaviour. This is a security risk and a major bug potential.
I highly recommend that you add a function to sanitize input in the cmis module for queries and follow the documentation from http://wiki.alfresco.com/wiki/CMIS_Query_Language#Literals
Basic escaping:
\\ represents \
\' represents '
In addition to basic escaping, in LIKE expressions
\% represents %
\_ represents _
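Added example (not code from the cmis module or this merge proposal): a Python escaping helper that applies the literal rules above, with the LIKE-specific rules layered on top, and two illustrative query builders. The function names and the cmis:name queries are assumptions made for the example; the sample inputs are constructed.

```python
# Added example: escaping user input for CMIS query string literals.
# Rules from the CMIS Query Language spec: backslash and single quote are
# always escaped; percent and underscore are escaped only inside LIKE
# patterns. Function names are illustrative, not the cmis module's API.

def escape_cmis_literal(value):
    """Escape a value for use inside a single-quoted CMIS string literal."""
    # Backslash first, so the escape characters added below are not doubled.
    return value.replace("\\", "\\\\").replace("'", "\\'")


def escape_cmis_like(value):
    """Escape a value used as a literal fragment of a LIKE pattern.

    On top of basic escaping, % and _ are escaped so they match themselves
    instead of acting as wildcards.
    """
    return escape_cmis_literal(value).replace("%", "\\%").replace("_", "\\_")


def build_name_query(name):
    """Exact-match query on cmis:name (assumed column for the example).

    A quote or backslash in `name` cannot terminate the literal early.
    """
    return "SELECT * FROM cmis:document WHERE cmis:name = '%s'" % (
        escape_cmis_literal(name))


def build_prefix_query(prefix):
    """Prefix search with LIKE; wildcard characters in `prefix` are literal.

    The trailing %% is the one wildcard the query itself intends.
    """
    return "SELECT * FROM cmis:document WHERE cmis:name LIKE '%s%%'" % (
        escape_cmis_like(prefix))


if __name__ == "__main__":
    # Constructed inputs: one carrying a quote and a backslash, one carrying
    # the two LIKE wildcard characters.
    print(build_name_query("O'Brien\\report"))
    print(build_prefix_query("100%_done"))
```

escape_cmis_literal is the one to use for = comparisons and IN lists; escape_cmis_like only for the user-controlled part of a LIKE pattern, so that the wildcards the code adds itself (the trailing % above) keep their meaning while those in the input do not.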