Re: [Koha-devel] Re: XSS Vulnerabilities in Koha


From: Chris Cormack
Subject: Re: [Koha-devel] Re: XSS Vulnerabilities in Koha
Date: Fri, 31 Aug 2007 22:19:06 +1200


On 31/08/2007, at 10:14 PM, MJ Ray wrote:

> Chris Cormack <address@hidden> wrote:
>> On 30/08/2007, at 9:47 PM, Rick Welykochy wrote:
>>> Which brings to mind another audit: one for SQL injection attacks. I
>>> haven't had a close look at the code, but a grep of "->quote(" turns up 102
>>> uses in Koha/2.2.9, which leaves one feeling somewhat confident that
>>> the problem has been addressed at one stage.
>>
>> Yep, if quote isn't used, placeholders (?) are, which achieves the
>> same thing.
>
> Is this quote-or-placeholder policy enforced on patch submission now?

While I'm serving as QA it will be :)

> I did the original clean-up a few years ago, but I've changed a few
> other additions since.  It's probably worth double-checking at some
> point, but there shouldn't be too many possible flaws.

Yep, checking can never hurt

Chris
--
Chris Cormack                            address@hidden
VP Research and Development                        www.liblime.com
LibLime                                             +64 21 542 131
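
An added example, not part of the original thread and not Koha code: a heuristic patch-review check for the quote-or-placeholder policy discussed above. It scans Perl source for DBI calls whose SQL string interpolates a variable that was never assigned from `->quote()`; the function name, the list of DBI methods checked and the sample Perl lines are assumptions constructed for illustration.

```python
import re

# Perl DBI methods that take an SQL string as their first argument
# (an assumed, non-exhaustive list chosen for this example).
SQL_CALL = re.compile(
    r'->\s*(?:prepare|do|selectrow_array|selectall_arrayref)'
    r'\s*\(\s*"((?:[^"\\]|\\.)*)"')
# Variables assigned from a ->quote() call, e.g.  my $q = $dbh->quote($x);
QUOTED_ASSIGN = re.compile(r'(\$\w+)\s*=\s*\$\w+->quote\(')
# A scalar interpolated into a double-quoted Perl string (not escaped as \$).
INTERPOLATED = re.compile(r'(?<!\\)(\$\w+)')


def audit(perl_source):
    """Return [(line_no, variable)] for SQL strings that interpolate a
    variable which was never assigned from ->quote().

    Heuristic only: string concatenation, qq{} strings and heredocs are
    not inspected, so a clean result is not proof of safety.
    """
    quoted = set(QUOTED_ASSIGN.findall(perl_source))
    findings = []
    for m in SQL_CALL.finditer(perl_source):
        line_no = perl_source.count("\n", 0, m.start()) + 1
        for var in INTERPOLATED.findall(m.group(1)):
            if var not in quoted:
                findings.append((line_no, var))
    return findings


# Constructed sample input (not taken from the Koha source tree).
SAMPLE = r'''
my $sth = $dbh->prepare("SELECT * FROM borrowers WHERE cardnumber = ?");
$sth->execute($cardnumber);
my $q = $dbh->quote($surname);
$sth = $dbh->prepare("SELECT * FROM borrowers WHERE surname = $q");
$sth = $dbh->prepare("SELECT * FROM items WHERE barcode = '$barcode'");
$dbh->do("DELETE FROM issues WHERE itemnumber = $itemnumber");
'''

if __name__ == "__main__":
    for line_no, var in audit(SAMPLE):
        print(f"line {line_no}: {var} reaches SQL without quote() or a placeholder")
```

The placeholder statement and the `->quote()` statement pass; the two statements that interpolate raw variables are reported for manual review.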