Query Sanitization and parametrization

Merged Uma requested to merge uma.s/vtigercrm:Security_SQL_Injections into master

Merged by avatar (Mar 29, 2025 5:24pm UTC)

Merge details

  • Changes merged into master with 39ce7911.
  • Did not delete the source branch.

Activity

272 275 $deleteValueList[] = ' ( roleid = "'.$roleId.'" AND '.'picklistvalueid = "'.$pickListValueId.'") ';
273 276 }
274 277 }
275 $query = 'INSERT IGNORE INTO vtiger_role2picklist (roleid,picklistvalueid,picklistid) VALUES '.implode(',',$insertValueList);
276 $result = $db->pquery($query,array());
278 $query = 'INSERT IGNORE INTO vtiger_role2picklist (roleid,picklistvalueid,picklistid) VALUES '. generateQuestionMarks($insertValueList);
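Review bot: on new line 278 the VALUES clause is built from generateQuestionMarks($insertValueList), but neither the construction of $insertValueList nor the replacement for the removed `$db->pquery($query,array())` call is visible here, so it cannot be confirmed that placeholders and bound values line up. A multi-row INSERT needs one parenthesised group per row, such as `VALUES (?,?,?),(?,?,?)`, with roleid, picklistvalueid and picklistid passed as a flat parameter array in the same order. If generateQuestionMarks returns a bare comma-separated run of `?`, the statement will not be valid, and if $insertValueList still holds pre-built tuple strings the values are not really parameterized. The unchanged context at new line 275 also still concatenates $roleId and $pickListValueId into $deleteValueList, so that path should get the same treatment.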
  • Alan Lord
    Alan Lord @lord_alan started a thread on commit 70483b78
  • 143 145 $sourceModule = $this->get('sourceModule');
    144 146 if($sourceModule) {
    145 147 $listQuery .= " WHERE module_name = '$sourceModule'";
    148 array_push($params, $sourceModule);
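Review bot: line 147 still interpolates the value into the SQL string (`WHERE module_name = '$sourceModule'`) while new line 148 pushes the same value onto $params. As rendered, line 147 carries both an old and a new line number, so it appears unchanged. Change it to `$listQuery .= " WHERE module_name = ?";` so the pushed value has a placeholder to bind to. Otherwise the injection point remains and the parameter count no longer matches the query.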
  • Uma
    Uma @uma.s started a thread on commit 70483b78
  • 143 145 $sourceModule = $this->get('sourceModule');
    144 146 if($sourceModule) {
    145 147 $listQuery .= " WHERE module_name = '$sourceModule'";
    148 array_push($params, $sourceModule);