Modify

Opened 9 years ago

Closed 9 years ago

#2217 closed defect (fixed)

[patch attached] SQL queries not being escaped

Reported by: dexen deVries Owned by: Brett Smith
Priority: normal Component: NikoNikoPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description

When you enter a character which is special to SQLite into input field (comment, but also username), like a single quote, the resulting query is invalid. This may also lead to SQL injection. Attached patch attempts to fix it.

Attachments (1)

nikonikoplugin-r2815.sql-escape.patch (3.0 KB) - added by dexen deVries 9 years ago.
patch for r2815 attempting to fix lacking SQL escaping

Download all attachments as: .zip

Change History (3)

Changed 9 years ago by dexen deVries

patch for r2815 attempting to fix lacking SQL escaping

comment:1 Changed 9 years ago by Brett Smith

Status: newassigned

comment:2 Changed 9 years ago by Brett Smith

Resolution: fixed
Status: assignedclosed

Patch applied. Thanks for this fix :-)

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Brett Smith.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.