From 049b65ce2539b195836c7e461ed914e3b2309c32 Mon Sep 17 00:00:00 2001 From: Ophir LOJKINE Date: Sun, 1 Oct 2023 03:08:36 +0200 Subject: [PATCH] fix markdown formatting --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dbc30f7c..f34ffe94 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,11 +14,12 @@ SQLPage now launches password hashing operations on a separate thread pool, and can continue processing other requests while waiting for passwords to be hashed. - Easier configuration for multiple menu items. Syntax like `SELECT 'shell' as component, '["page 1", "page 2"]' as menu_item'` now works as expected. See the new `sqlpage_shell` definition in [the small sql game example](./examples/corporate-conundrum/) and [this discussion](https://github.com/lovasoa/SQLpage/discussions/91). - New `sqlpage.exec` function to execute a command on the server. This allows you to run arbitrary code on the server, and use the result in your SQL queries. This can be used to make external API calls, send emails, or run any other code on the server. - ```sql + ```sql select 'card' as component; select value->>'name' as title, value->>'email' as description from json_each(sqlpage.exec('curl', 'https://jsonplaceholder.typicode.com/users')); ``` + This function is disabled by default for security reasons. To enable it, set the `allow_exec` configuration parameter to `true` in the [configuration](./configuration.md). Enabling it gives full access to the server to anyone who can write SQL queries on your website (this includes users with access to the local filesystem and users with write access to the `sqlpage_files` table on your database), so be careful ! - New `sqlpage.url_encode` function to percent-encode URL parameters. ```sql