Context Navigation

Modify ↓

#2217 closed defect (fixed)

[patch attached] SQL queries not being escaped

Reported by:	dexen deVries	Owned by:	Brett Smith
Priority:	normal	Component:	NikoNikoPlugin
Severity:	normal	Keywords:
Cc:		Trac Release:	0.10

Description

When you enter a character which is special to SQLite into input field (comment, but also username), like a single quote, the resulting query is invalid. This may also lead to SQL injection. Attached patch attempts to fix it.

Attachments (1)

nikonikoplugin-r2815.sql-escape.patch (3.0 KB) - added by dexen deVries 18 years ago.: patch for r2815 attempting to fix lacking SQL escaping

Download all attachments as: .zip

Change History (3)

Changed 18 years ago by dexen deVries

Attachment:	nikonikoplugin-r2815.sql-escape.patch added

patch for r2815 attempting to fix lacking SQL escaping

comment:1 Changed 18 years ago by Brett Smith

Status:	new → assigned

comment:2 Changed 18 years ago by Brett Smith

Resolution:	→ fixed
Status:	assigned → closed

Patch applied. Thanks for this fix :-)

Modify Ticket

Change Properties

Summary:
Type:	Priority:
Component:	Severity:
Keywords:	Cc:	Set your email in Preferences
Trac Release:

Action

leave as closed The owner will remain Brett Smith.

reopen The resolution will be deleted. Next status will be 'reopened'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences.

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: