Oto Šimeček

Results 9 comments of Oto Šimeček

Hi @HenryRLee, yes, this definitely opens up SQL injection, FYI Query.apex is already filled with these: Example:

```java
Query query = new Query('Account').
    selectFields('Name').
    addConditionLike('Id = \'null\') OR (Name...
```

> (Although I can't verify it now. You can try to prove me wrong. This helps us improving our code.)

Totally agree. This whole ticket is about that :)

>...

Also re LHSides - I guess there is no need to add extra complexity to the code base and check it via introspection - the query would fail hard anyway...

Oh, you're right, I haven't noticed that the `formAggregateString` is called in all Query Strings (as long as there are functionFields). Thought there was a separate method for aggregation queries and...

Btw: sorry I haven't replied -> yes, this does fix the issue for me :)

@rsoesemann Yup, I can implement it, I actually already peeked into the source code and saw that I'd have to study too much code in order to do it solely...

Thanks guys! I will be offline for a week -> I am gonna look into this after I am back :) Yeah at first I had in mind just custom...

Hi Guys, You need to use npm shrinkwrap and enforce in catalog github-slugger 1.1.3 as dep :)