Opened 5 years ago

Closed 5 years ago

#4713 closed defect (fixed)

ServerSideRedirectPlugin vulnerable to SQL injection

Reported by: hakon.enger@…
Owned by: martin_s
Priority: normal
Component: ServerSideRedirectPlugin
Severity: major
Keywords:
Cc:
Trac Release: 0.11

Description

I believe the plugin as written is vulnerable to SQL injection attacks. I have attached a proposed fix.

Attachments (1)

serversideredirect.patch (497 bytes) - added by hakon.enger@… 5 years ago.
Proposed fix of possible SQL injection vulnerability

Change History (2)

Changed 5 years ago by hakon.enger@…

Proposed fix of possible SQL injection vulnerability

comment:1 Changed 5 years ago by martin_s

  • Resolution set to fixed
  • Status changed from new to closed

Thank you so much for the hint and the patch. I applied it to the source in SVN.
