Modify

Opened 15 years ago

Closed 15 years ago

#4713 closed defect (fixed)

ServerSideRedirectPlugin vulnerable to SQL injection

Reported by: hakon.enger@… Owned by: Martin Scharrer
Priority: normal Component: ServerSideRedirectPlugin
Severity: major Keywords:
Cc: Trac Release: 0.11

Description

I believe the plugin as written is vulnerable to SQL injection attacks. I have attached a proposed fix.

Attachments (1)

serversideredirect.patch (497 bytes) - added by hakon.enger@… 15 years ago.
Proposed fix of possible SQL injection vulnerability

Download all attachments as: .zip

Change History (2)

Changed 15 years ago by hakon.enger@…

Attachment: serversideredirect.patch added

Proposed fix of possible SQL injection vulnerability

comment:1 Changed 15 years ago by Martin Scharrer

Resolution: fixed
Status: newclosed

Thank you so much for the hint and the patch. I applied it to the source in SVN.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Martin Scharrer.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment

E-mail address and name can be saved in the Preferences.

AttachmentsDescription
 
Note: See TracTickets for help on using tickets.