#11829 closed defect (fixed)
MindMap macro has a SQL injection
Reported by: | Jun Omae | Owned by: | Martin Scharrer |
---|---|---|---|
Priority: | normal | Component: | MindMapMacro |
Severity: | normal | Keywords: | |
Cc: | | Trac Release: | 1.0 |
Description
If a single quote character is used in the content of a MindMap
macro, the following error is raised.
```
...
  File "/home/jun66j5/src/trac/trac-hacks/mindmapmacro/0.11/tracmindmap/macro.py", line 205, in expand_macro
    self._set_cache(hash, mm)
  File "/home/jun66j5/src/trac/trac-hacks/mindmapmacro/0.11/tracmindmap/macro.py", line 152, in _set_cache
    cursor.execute("INSERT INTO mindmapcache VALUES ('%s','%s')" % (hash,content) )
  File "/home/jun66j5/venv/trac/1.0.1/lib/python2.5/site-packages/trac/db/util.py", line 66, in execute
    return self.cursor.execute(sql)
  File "/home/jun66j5/venv/trac/1.0.1/lib/python2.5/site-packages/trac/db/sqlite_backend.py", line 78, in execute
    result = PyFormatCursor.execute(self, *args)
  File "/home/jun66j5/venv/trac/1.0.1/lib/python2.5/site-packages/trac/db/sqlite_backend.py", line 56, in execute
    args or [])
  File "/home/jun66j5/venv/trac/1.0.1/lib/python2.5/site-packages/trac/db/sqlite_backend.py", line 48, in _rollback_on_error
    return function(self, *args, **kwargs)
OperationalError: unrecognized token: ""/></node></node></map>')"
```
mindmapmacro/0.11/tracmindmap/macro.py
146 146 def _set_cache(self, hash, content): 147 147 db = self.env.get_db_cnx() 148 148 cursor = db.cursor() 149 cursor.execute("INSERT INTO mindmapcache VALUES ('%s','%s')" % (hash,content) ) 149 cursor.execute("INSERT INTO mindmapcache VALUES (%s,%s)", 150 (hash, unicode(content))) 150 151 db.commit() 151 152 152 153 def _get_cache(self, hash, default=None):
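Review bot: the bound-parameter INSERT at the new lines 149-150 is the right fix, but `unicode(content)` with no encoding argument will raise UnicodeDecodeError under Python 2 if `content` ever arrives as a byte string holding non-ASCII characters; either pass `content` through unchanged when it is already unicode or decode it explicitly with a known encoding. Binding `hash` as well (it is passed in from `expand_macro`, line 205 in the traceback) is correct, since it is never safe to assume only one of the two values is attacker-influenced. Worth confirming in the same change that `_get_cache` at line 153 onward, not shown here, also uses `%s` placeholders with a parameter tuple rather than `%` string formatting.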
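To show concretely what the ticket describes, here is an added example (not code from the plugin or the ticket) that runs the pre-fix and post-fix forms of `_set_cache` against an in-memory SQLite stand-in for the `mindmapcache` table. It assumes a two-column table and a placeholder hash value; the plain `sqlite3` module uses `?` placeholders where Trac's wrapper uses `%s`.

```python
import sqlite3

# Constructed sample: mindmap content containing a single quote, the input
# the ticket reports as triggering the OperationalError. The hash is a
# placeholder, not a value taken from the ticket.
SAMPLE_CONTENT = '<map><node TEXT="Jun\'s idea"/></map>'
SAMPLE_HASH = "placeholder-hash"


def make_db():
    """In-memory stand-in for the plugin's mindmapcache table (assumed layout)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mindmapcache (hash TEXT PRIMARY KEY, content TEXT)")
    return conn


def set_cache_vulnerable(conn, hash_, content):
    """Pre-fix form: values spliced into the SQL text. A quote inside content
    terminates the string literal early, so SQLite sees stray tokens and
    rejects the statement; crafted content could instead alter the query."""
    sql = "INSERT INTO mindmapcache VALUES ('%s','%s')" % (hash_, content)
    conn.execute(sql)
    conn.commit()


def set_cache_fixed(conn, hash_, content):
    """Post-fix form: bound parameters. The data is never part of the SQL text,
    so quotes and angle brackets are stored verbatim."""
    conn.execute("INSERT INTO mindmapcache VALUES (?, ?)", (hash_, str(content)))
    conn.commit()


def get_cache(conn, hash_):
    row = conn.execute("SELECT content FROM mindmapcache WHERE hash = ?", (hash_,)).fetchone()
    return row[0] if row else None


def demo(content=SAMPLE_CONTENT):
    """Return (vulnerable_version_failed, fixed_version_roundtrips) for content."""
    conn = make_db()
    try:
        set_cache_vulnerable(conn, SAMPLE_HASH, content)
        vulnerable_failed = False
    except sqlite3.OperationalError:  # e.g. "unrecognized token", as in the ticket
        vulnerable_failed = True
    conn = make_db()
    set_cache_fixed(conn, SAMPLE_HASH, content)
    return vulnerable_failed, get_cache(conn, SAMPLE_HASH) == content


if __name__ == "__main__":
    print(demo())
```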
Attachments (0)
Change History (4)
comment:1 Changed 10 years ago by
I tried to get in touch with the author in #7481, but it seems like he is no longer around. It looks like this is another case where we should just go ahead and push the change if we don't hear from him within a few days.
comment:2 Changed 10 years ago by
Hi guys, sorry I'm very busy with my day job and don't read all emails I get. Feel free to push that change. I'm not sure if I'll find time to do it myself in the next time.