Opened 7 years ago

Closed 7 years ago

#2217 closed defect (fixed)

[patch attached] SQL queries not being escaped

Reported by: dexen
Owned by: tanktarta
Priority: normal
Component: NikoNikoPlugin
Severity: normal
Keywords:
Cc:
Trac Release: 0.10

Description

When you enter a character which is special to SQLite into an input field (comment, but also username), like a single quote, the resulting query is invalid. This may also lead to SQL injection. The attached patch attempts to fix it.

Attachments (1)

nikonikoplugin-r2815.sql-escape.patch (3.0 KB) - added by dexen 7 years ago.
patch for r2815 attempting to fix lacking SQL escaping


Change History (3)

Changed 7 years ago by dexen

patch for r2815 attempting to fix lacking SQL escaping

comment:1 Changed 7 years ago by tanktarta

  • Status changed from new to assigned

comment:2 Changed 7 years ago by tanktarta

  • Resolution set to fixed
  • Status changed from assigned to closed

Patch applied. Thanks for this fix :-)
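
The failure described in this ticket, as an added example that is not the plugin's code or the attached patch (neither is shown on this page): a query built by string formatting beside the same query with bound parameters, run through a round-trip check usable as a regression test. The `mood` table, the function names and the sample inputs are assumptions made for illustration, and the example uses parameter binding rather than escaping.

```python
import sqlite3

# Hypothetical schema: the ticket does not show the plugin's real tables.
SCHEMA = "CREATE TABLE mood (username TEXT, comment TEXT)"

def insert_formatted(db, username, comment):
    """Unescaped pattern: user input is pasted into the SQL text."""
    db.execute("INSERT INTO mood (username, comment) VALUES ('%s', '%s')"
               % (username, comment))

def insert_bound(db, username, comment):
    """Bound pattern: sqlite3 passes the values separately from the SQL text."""
    db.execute("INSERT INTO mood (username, comment) VALUES (?, ?)",
               (username, comment))

def roundtrip(insert, username, comment):
    """Return 'ok' if exactly the submitted row is stored, else what went wrong."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    try:
        insert(db, username, comment)
    except sqlite3.Error:
        return "invalid query"
    rows = db.execute("SELECT username, comment FROM mood").fetchall()
    return "ok" if rows == [(username, comment)] else "stored data differs"

# Constructed inputs: a plain quote, and a quote that alters the statement.
SAMPLES = ["it's a good day", "fine'), ('someone_else', 'not my words"]

if __name__ == "__main__":
    for text in SAMPLES:
        print(repr(text),
              "| formatted:", roundtrip(insert_formatted, "dexen", text),
              "| bound:", roundtrip(insert_bound, "dexen", text))
```

With the formatted query the first input produces an invalid statement and the second is parsed as SQL, so the stored rows no longer match what was submitted; with bound parameters both inputs are stored verbatim.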
