koha-devel

Re: [Koha-devel] Re: XSS Vulnerabilities in Koha


From: MJ Ray
Subject: Re: [Koha-devel] Re: XSS Vulnerabilities in Koha
Date: Fri, 31 Aug 2007 11:14:26 +0100
User-agent: Heirloom mailx 12.2 01/07/07

Chris Cormack <address@hidden> wrote:
> On 30/08/2007, at 9:47 PM, Rick Welykochy wrote:
> > Which brings to mind another audit: one for SQL injection attacks. I
> > haven't had a close look at the code, but a grep of "->quote(" turns up 102
> > uses in Koha/2.2.9, which leaves one feeling somewhat confident that
> > the problem has been addressed at one stage.
> >
> Yep, if quote isn't used, placeholders (?) are, which achieves the
> same thing.

Is this quote-or-placeholder policy enforced on patch submission now?

I did the original clean-up a few years ago, but I've changed a few
other additions since.  It's probably worth double-checking at some
point, but there shouldn't be too many possible flaws.

Regards,
-- 
MJ Ray - see/vidu http://mjr.towers.org.uk/email.html
Experienced webmaster-developers for hire http://www.ttllp.co.uk/
Also: statistician, sysadmin, online shop builder, workers co-op.
Writing on koha, debian, sat TV, Kewstoke http://mjr.towers.org.uk/
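
One way the quote-or-placeholder policy asked about above could be checked at patch submission, as an added example (not part of this message and not Koha's code). It is a Python heuristic over a unified diff of Perl code; the function names, the sample patch and its file name are constructed for illustration.

```python
import re

# Heuristic, single-line statements only; heredocs, qq{} and SQL held in a variable are not analysed.
DBI_CALL = re.compile(r'->\s*(?:prepare|do|select\w+)\s*\((.*)\)')
QUOTE_ASSIGN = re.compile(r'(\$\w+)\s*=\s*\$\w+->quote\(')
QUOTE_CALL = re.compile(r'\$\w+->quote\([^()]*\)')
STRING = re.compile(r'"(?:[^"\\]|\\.)*"')
INTERP = re.compile(r'(?<!\\)[$@]\w+')             # variable interpolated in "..."
CONCAT = re.compile(r'\.\s*(\$\w+)|(\$\w+)\s*\.')  # variable joined with '.'
HUNK = re.compile(r'^@@ -\d+(?:,\d+)? \+(\d+)')

def unsafe_vars(args, quoted):
    """Variables spliced into SQL text without quote(); bound '?' values are ignored."""
    args = QUOTE_CALL.sub('', args)
    found = [v for s in STRING.findall(args) for v in INTERP.findall(s)]
    found += [a or b for a, b in CONCAT.findall(STRING.sub('""', args))]
    return sorted(set(found) - quoted)

def audit_diff(diff_text):
    """Return (path, new_line_number, variables) for each added line that breaks the policy."""
    findings, path, lineno, quoted = [], None, 0, set()
    for raw in diff_text.splitlines():
        hunk = HUNK.match(raw)
        if raw.startswith('+++ '):
            path, quoted = re.sub(r'^b/', '', raw[4:]), set()
        elif hunk:
            lineno = int(hunk.group(1)) - 1
        elif path and raw[:1] in ('+', ' '):
            lineno += 1
            quoted.update(QUOTE_ASSIGN.findall(raw))   # remember $x = $dbh->quote(...)
            call = DBI_CALL.search(raw)
            bad = unsafe_vars(call.group(1), quoted) if call else []
            if raw[0] == '+' and bad:
                findings.append((path, lineno, bad))
    return findings

# Constructed sample patch (file name and code are made up for this example).
SAMPLE = r'''--- a/members/search.pl
+++ b/members/search.pl
@@ -10,2 +10,7 @@
 my $dbh = C4::Context->dbh;
+my $qname = $dbh->quote($name);
+my $s1 = $dbh->prepare("SELECT * FROM borrowers WHERE surname = $qname");
+my $s2 = $dbh->prepare("SELECT * FROM borrowers WHERE cardnumber = ?");
+my $s3 = $dbh->prepare("SELECT * FROM borrowers WHERE surname = '$name'");
 $s2->execute($card);
+$dbh->do("DELETE FROM issues WHERE itemnumber = " . $item);
'''

if __name__ == '__main__':
    for path, line, names in audit_diff(SAMPLE):
        print(f'{path}:{line}: SQL built from unquoted {", ".join(names)}')
```

On the sample it reports new-file lines 14 and 16, and accepts both the quoted variable on line 12 and the placeholder on line 13.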



