
[Dolibarr-git] [Dolibarr/dolibarr] e42353: Revert "Fix: sql injection"


From: Laurent Destailleur
Subject: [Dolibarr-git] [Dolibarr/dolibarr] e42353: Revert "Fix: sql injection"
Date: Mon, 09 Apr 2012 16:31:35 -0700

  Branch: refs/heads/3.1
  Home:   https://github.com/Dolibarr/dolibarr
  Commit: e42353bc329043af4f5ed847cf5e22b11b839713
      https://github.com/Dolibarr/dolibarr/commit/e42353bc329043af4f5ed847cf5e22b11b839713
  Author: Laurent Destailleur <address@hidden>
  Date:   2012-04-09 (Mon, 09 Apr 2012)

  Changed paths:
    M htdocs/admin/tools/export.php
    M htdocs/lib/functions.lib.php

  Log Message:
  -----------
  Revert "Fix: sql injection"

This reverts commit feeb542e80b0c2b7419fae134b8be97b0bc7b123.


  Commit: d6cd54fda7544c0cb35a4d6d28ab4af74eccfc27
      https://github.com/Dolibarr/dolibarr/commit/d6cd54fda7544c0cb35a4d6d28ab4af74eccfc27
  Author: Laurent Destailleur <address@hidden>
  Date:   2012-04-09 (Mon, 09 Apr 2012)

  Changed paths:
    M htdocs/admin/tools/export.php

  Log Message:
  -----------
  Revert code because it does not fix security hole completely. Also it
does work on origin but at a transition level.
Sanitizing for command line data must not appear inside a function used
for http data. I prefer fixing this at the source and also using a rule
that cleans all attacks completely instead of a rule that cleans "most
problems but not all".


Compare: https://github.com/Dolibarr/dolibarr/compare/feeb542...d6cd54f
