Diffstat (limited to 'archaeological_finds/views_api.py')
-rw-r--r--archaeological_finds/views_api.py3
1 files changed, 2 insertions, 1 deletions
diff --git a/archaeological_finds/views_api.py b/archaeological_finds/views_api.py
index 4302fbd89..8bea74eb7 100644
--- a/archaeological_finds/views_api.py
+++ b/archaeological_finds/views_api.py
@@ -32,7 +32,8 @@ class PublicFindAPI(APIView):
)
ordering = "CASE {} END".format(clauses)
- return models.Find.objects.filter(id__in=id_list).extra(
+ # nosec: extra clauses uses only find id from a FindBasket query no injection possible
+ return models.Find.objects.filter(id__in=id_list).extra( # nosec
select={"ordering": ordering}, order_by=("ordering",)
)
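Review bot: The bare `# nosec` on the `.extra(` line turns off every Bandit check for that line, and nothing visible in this hunk enforces the comment's claim that `id_list` holds only find ids. Scope the suppression to the one finding it is meant to cover, `# nosec B610`, so a later edit to this line is still scanned for other issues. The code that builds `clauses` starts above the hunk, so I cannot confirm how the ids are interpolated; if it formats them into the `CASE` string, coercing each one there (for example `int(pk)`) would make the invariant hold in code rather than in a comment. A longer-term option is to express the ordering with Django's `Case`/`When` expressions and drop `.extra()` entirely. The first comment line also begins with `# nosec:`, which some Bandit versions may try to parse as a list of test ids, so wording it as `# Safe: ...` avoids spurious warnings.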