wrap logical predicate into () to prevent possible SQL attack (!61) · Merge requests · unitybase / ub-server

In case expression is like below, all AND parts (for example appended by RLS) are ignored

UB.Repository('uba_user').attrs('ID').where('ID', '>', 1, 'a1').where('ID', '>', 1, 'a2').logic('[a1] OR [a2]').select()

wrap logical predicate into () to prevent possible SQL attack