Changes between Initial Version and Version 1 of Ticket #11027
Timestamp: Apr 21, 2013, 4:11:41 PM
Ticket #11027 – Description

Line 1 (modified)

Initial Version:
As Steffen pointed out in the [https://groups.google.com/forum/?fromgroups=#!topic/trac-users/QhctQ2rWzuc mailing list thread], the plugin doesn't follow the Trac guidelines for SQL statements, as described in t:TracDev/DatabaseApi#GuidelinesforSQLStatements. This will result in cross-db compatibility issues and the possibility of SQL injection.

Version 1:
As Steffen pointed out in the [https://groups.google.com/forum/?fromgroups=#!topic/trac-users/QhctQ2rWzuc mailing list thread], the plugin doesn't follow the Trac rules for DB API usage, as described in t:TracDev/DatabaseApi#RulesforDBAPIUsage. This will result in cross-db compatibility issues and the possibility of SQL injection.

Line 2 (unmodified)

(blank)

Line 3 (unmodified)

Here is an example fix (untested, as I don't understand the plugin well enough to execute this pathway or write a test):
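The rule the ticket description cites is that values must be passed to the database as bound parameters rather than spliced into the SQL text. The following is an added example, not code from the ticket, the plugin, or Trac itself: it uses Python's sqlite3 module directly (placeholder `?`) on a constructed in-memory `ticket` table, whereas Trac's own DB API expects `%s` placeholders and translates them per backend. The table, its rows and the `tickets_for_owner_*` function names are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the plugin or Trac).
SAMPLE_ROWS = [
    (1, "Fix login page", "alice"),
    (2, "Rotate API keys", "bob"),
    (3, "Audit SQL usage", "alice"),
]


def make_db():
    """Build an in-memory database with a constructed ticket table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE ticket (id INTEGER PRIMARY KEY, summary TEXT, owner TEXT)"
    )
    conn.executemany("INSERT INTO ticket VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def tickets_for_owner_unsafe(conn, owner):
    """The pattern the ticket warns against: the caller-supplied value is
    formatted into the SQL string, so quotes in it change the statement."""
    sql = "SELECT id FROM ticket WHERE owner = '%s'" % owner
    return [row[0] for row in conn.execute(sql)]


def tickets_for_owner_safe(conn, owner):
    """Bound parameter: the driver sends the value separately from the SQL
    text, so it can only ever be compared as data, never parsed as SQL."""
    sql = "SELECT id FROM ticket WHERE owner = ?"
    return [row[0] for row in conn.execute(sql, (owner,))]


# A classic tautology payload; constructed for the demonstration.
INJECTION = "' OR '1'='1"


def demo():
    """Run both variants with a normal owner and with the payload."""
    conn = make_db()
    return {
        "unsafe_normal": tickets_for_owner_unsafe(conn, "alice"),
        "unsafe_injected": tickets_for_owner_unsafe(conn, INJECTION),
        "safe_normal": tickets_for_owner_safe(conn, "alice"),
        "safe_injected": tickets_for_owner_safe(conn, INJECTION),
    }


if __name__ == "__main__":
    for name, ids in demo().items():
        print(name, ids)
```

With the payload, the string-formatted query collapses to `WHERE owner = '' OR '1'='1'` and returns every ticket; the parameterized query looks for an owner literally named `' OR '1'='1` and returns nothing. Bound parameters also cover the cross-database point the ticket raises, since quoting and escaping are left to each backend's driver rather than hand-rolled in the plugin.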