Query Sanitization and parametrization
Merge request reports
Activity
Added 1 commit:
- e8ff613a - SQL parametrization and data sanitization are addressed
Added 1 commit:
- 16ddaccf - Query parametrization and sanitization is addressed
Added 1 commit:
- 70483b78 - Settings page made secure for SQL Injections
Added 1 commit:
- fbd8c396 - Query has been Sanitized and Parametrized
Added 1 commit:
- fefc247b - query statements have been transformed to pquery
Added 1 commit:
- 758a6a39 - Tested and corrected parametrized queries
Added 13 commits:
- 758a6a39...bc8b5ca1 - 12 commits from branch vtiger:master
- 39ce7911 - Merge branch 'master' into Security_SQL_Injections
mentioned in commit 5fd5e37e
272 275 $deleteValueList[] = ' ( roleid = "'.$roleId.'" AND '.'picklistvalueid = "'.$pickListValueId.'") '; 273 276 } 274 277 } 275 $query = 'INSERT IGNORE INTO vtiger_role2picklist (roleid,picklistvalueid,picklistid) VALUES '.implode(',',$insertValueList); 276 $result = $db->pquery($query,array()); 278 $query = 'INSERT IGNORE INTO vtiger_role2picklist (roleid,picklistvalueid,picklistid) VALUES '. generateQuestionMarks($insertValueList); @uma.s Please see #1323 (closed) I believe the bug was introduced with this commit.
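Review bot: the new VALUES clause at 278 hands `$insertValueList` to `generateQuestionMarks`, which produces one placeholder per list element, but each element of that list is a whole row (roleid, picklistvalueid, picklistid), so the statement needs one `(?,?,?)` group per row and a flat parameter array in the same order; the removed `$result = $db->pquery($query,array());` at 276 does not reappear in this hunk with a populated parameter array, so the binding cannot be checked from the visible lines. The `$deleteValueList[]` entry at 272/275 still concatenates `$roleId` and `$pickListValueId` straight into the SQL string, so the delete path needs the same treatment.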
143 145 $sourceModule = $this->get('sourceModule'); 144 146 if($sourceModule) { 145 147 $listQuery .= " WHERE module_name = '$sourceModule'"; 148 array_push($params, $sourceModule); @lord_alan That's a good catch, Thanks! Alan, We will address this.
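Review bot: the WHERE clause at 147 still interpolates `$sourceModule` directly into `$listQuery`, so the `array_push($params, $sourceModule);` added at 148 binds a value that has no matching placeholder and the injection point is unchanged. Change the concatenation to `$listQuery .= " WHERE module_name = ?";` so the pushed parameter is what the query actually consumes.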