From: Chris Cormack
Subject: Re: [Koha-devel] Re: XSS Vulnerabilities in Koha
Date: Fri, 31 Aug 2007 22:19:06 +1200
On 31/08/2007, at 10:14 PM, MJ Ray wrote:
> Chris Cormack <address@hidden> wrote:
> > On 30/08/2007, at 9:47 PM, Rick Welykochy wrote:
> > > Which brings to mind another audit: one for SQL injection attacks. I
> > > haven't had a close look at the code, but a grep of "->quote(" turns up
> > > 102 uses in Koha/2.2.9, which leaves one feeling somewhat confident that
> > > the problem has been addressed at one stage.
> > Yep, if quote isn't used place holders (?) are, which achieves the same thing.
> Is this quote-or-placeholder policy enforced on patch submission now?
While I'm serving as QA it will be :)
> I did the original clean-up a few years ago, but I've changed a few other
> additions since. It's probably worth double-checking at some point, but
> there shouldn't be too many possible flaws.
Yep, checking can never hurt

Chris
--
Chris Cormack address@hidden
VP Research and Development
www.liblime.com
LibLime
+64 21 542 131
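The quote-or-placeholder point discussed above, shown as an added example (not code from this thread or from Koha): the three DBI patterns an audit would grep for, run against a constructed in-memory SQLite table, assuming DBD::SQLite is installed. Koha uses MySQL, but the DBI calls are the same.

```perl
use strict;
use warnings;
use DBI;

# Constructed sample data in an in-memory SQLite database (DBD::SQLite assumed).
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do("CREATE TABLE borrowers (borrowernumber INTEGER PRIMARY KEY, surname TEXT)");
$dbh->do("INSERT INTO borrowers (surname) VALUES ('Smith'), ('O''Brien')");

# A surname as a user might type it; the apostrophe is what breaks naive SQL.
my $surname = "O'Brien";

# 1. The pattern an audit is looking for: the value interpolated straight into
#    the SQL. The apostrophe ends the string literal early, so this query fails
#    with a syntax error, and a crafted value could alter the query instead.
my $rows_raw = eval {
    $dbh->selectall_arrayref(
        "SELECT borrowernumber FROM borrowers WHERE surname = '$surname'");
};
print "raw interpolation: ", ($@ ? "query failed" : scalar(@$rows_raw) . " row(s)"), "\n";

# 2. $dbh->quote() escapes and wraps the value for this driver ('O''Brien'),
#    so the literal stays a literal.
my $quoted = $dbh->quote($surname);
my $rows_quoted = $dbh->selectall_arrayref(
    "SELECT borrowernumber FROM borrowers WHERE surname = $quoted");
print "->quote: ", scalar(@$rows_quoted), " row(s)\n";

# 3. Placeholder (?): the SQL text is fixed at prepare time and the value is
#    bound separately, so it is never parsed as SQL. Same protection as
#    quote(), with no string to assemble by hand.
my $sth = $dbh->prepare(
    "SELECT borrowernumber FROM borrowers WHERE surname = ?");
$sth->execute($surname);
my $rows_bound = $sth->fetchall_arrayref;
print "placeholder: ", scalar(@$rows_bound), " row(s)\n";
```

Cases 2 and 3 each return one row; case 1 dies under RaiseError and is caught by the eval.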