From 2a27e8224c028f097ab5aff9c532ccf39aa4568f Mon Sep 17 00:00:00 2001
From: Jeremy Evans A no_auto_string_literals extension has been added, which removes the
+ A no_auto_literal_strings extension has been added, which removes the
automatic usage of strings in filter arguments as literal SQL code. By
default, if you do:
Date: Tue, 1 Mar 2016 11:27:58 -0800
Subject: [PATCH] Update website for 4.32.0 release notes fix
---
rdoc/files/doc/release_notes/4_32_0_txt.html | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rdoc/files/doc/release_notes/4_32_0_txt.html b/rdoc/files/doc/release_notes/4_32_0_txt.html
index b64af76f02..87993a2100 100644
--- a/rdoc/files/doc/release_notes/4_32_0_txt.html
+++ b/rdoc/files/doc/release_notes/4_32_0_txt.html
@@ -40,7 +40,7 @@
4.32.0.txt
New Features¶ ↑
New Features&par
literal SQL code is probably the most common SQL injection vector in
applications using Sequel.
With the no_auto_string_literals extension, passing a plain string as the +
With the no_auto_literal_strings extension, passing a plain string as the first or only argument to a filter method raises an exception. If you want to use literal SQL code, you have to do so explicitly: