id	summary	reporter	owner	description	type	status	priority	component	severity	resolution	keywords	cc	release
9981	[PATCH] SQL injection vulnerability patch for TracDownloads	aleksihanninen	Blackhex	\r\nThere is a SQL injection vulnerability in the [DownloadsPlugin Trac Downloads plugin].\r\n\r\nTwo patches are provided as attached:\r\n\r\n1. tracdownloads_sql_injection_vulnerability.patch\r\n\r\n2. tracdownloads_patch_complete.patch\r\n\r\nUse the first "sql injection vulnerability" patch to fix the vulnerability. The patch also introduces fix in the download link resolver (link generation for download files in wiki context) by file.\r\n\r\nA more complete, but unfortunately largely untested, "complete" patch contains the first "sql injection vulnerability" patch and also introduces other fixes, like:\r\n\r\n- Editing just the description of the downloads won't crash. (If editing just the description of the downloads, you shouldn't expect any file to be uploaded)\r\n- Since components should not use self.*, add a dict req_data and use that instead. This improves the security of concurrency.\r\n\r\nUnfortunately, I haven't been able to test this with Vanilla trac, and I give no guarantees whatsoever. However, the first patch should work without problems.\r\n\r\nMy environment consists of Apache, Linux, Python 2.6, and Trac 0.12.1.\r\n	defect	new	normal	DownloadsPlugin	normal				0.12