Changes between Initial Version and Version 1 of Ticket #11027


Timestamp: Apr 21, 2013, 4:11:41 PM (11 years ago)
Author: Ryan J Ollos
  • Ticket #11027 – Description

    initial v1  
    1 As Steffen pointed out in the [https://groups.google.com/forum/?fromgroups=#!topic/trac-users/QhctQ2rWzuc mailing list thread], the plugin doesn't follow the Trac guidelines for SQL statements, as described in t:TracDev/DatabaseApi#GuidelinesforSQLStatements. This will result in cross-db compatibility issues and the possibility of SQL injection.
     1As Steffen pointed out in the [https://groups.google.com/forum/?fromgroups=#!topic/trac-users/QhctQ2rWzuc mailing list thread], the plugin doesn't follow the Trac rules for DB API usage, as described in t:TracDev/DatabaseApi#RulesforDBAPIUsage. This will result in cross-db compatibility issues and the possibility of SQL injection.
    22
    33Here is an example fix (untested, as I don't understand the plugin well enough to execute this pathway or write a test):