
Opened 7 years ago

Closed 7 years ago

#2217 closed defect (fixed)

[patch attached] SQL queries not being escaped

Reported by: dexen
Owned by: tanktarta
Priority: normal
Component: NikoNikoPlugin
Severity: normal
Keywords:
Cc:
Trac Release: 0.10

Description

When you enter a character which is special to SQLite into an input field (comment, but also username), like a single quote, the resulting query is invalid. This may also lead to SQL injection. The attached patch attempts to fix it.

Attachments (1)

nikonikoplugin-r2815.sql-escape.patch (3.0 KB) - added by dexen 7 years ago.
patch for r2815 attempting to fix lacking SQL escaping


Change History (3)

Changed 7 years ago by dexen

patch for r2815 attempting to fix lacking SQL escaping

comment:1 Changed 7 years ago by tanktarta

  • Status changed from new to assigned

comment:2 Changed 7 years ago by tanktarta

  • Resolution set to fixed
  • Status changed from assigned to closed

Patch applied. Thanks for this fix :-)
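
The failure reported in this ticket's description, as an added example that is neither the plugin's code nor the attached patch: a value containing a single quote either breaks a string-built SQLite statement or is evaluated as SQL, while bound parameters store it unchanged. The table, column and function names and the sample inputs are constructed for illustration.

```python
import sqlite3

# Hypothetical schema: these table and column names are assumptions,
# not taken from NikoNikoPlugin.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mood (username TEXT, comment TEXT)")
    return db

def insert_concatenated(db, username, comment):
    """The unescaped pattern: user input is pasted into the SQL text."""
    sql = ("INSERT INTO mood (username, comment) VALUES ('%s', '%s')"
           % (username, comment))
    db.execute(sql)

def insert_bound(db, username, comment):
    """Bound parameters: values travel separately from the SQL text."""
    db.execute("INSERT INTO mood (username, comment) VALUES (?, ?)",
               (username, comment))

def store(insert, username, comment):
    """Run one insert on a fresh database and report what ended up stored."""
    db = make_db()
    try:
        insert(db, username, comment)
    except sqlite3.Error as exc:
        return "error: %s" % type(exc).__name__
    row = db.execute("SELECT username, comment FROM mood").fetchone()
    if row == (username, comment):
        return "stored intact"
    return "stored altered: %r" % (row,)

# Constructed inputs: ordinary text with an apostrophe, a quoted username,
# and a value whose quotes turn the rest of it into an SQL expression.
SAMPLES = [
    ("dexen", "it's a good day"),
    ("o'brien", "fine"),
    ("dexen", "ok'||'!"),
]

if __name__ == "__main__":
    for user, comment in SAMPLES:
        print(repr(comment),
              "| concatenated:", store(insert_concatenated, user, comment),
              "| bound:", store(insert_bound, user, comment))
```

The third sample raises no error in the concatenated version, yet the stored comment differs from what was submitted, which is the sign that input is being parsed as SQL rather than treated as data.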
