Opened 8 years ago

Closed 8 years ago

#4713 closed defect (fixed)

ServerSideRedirectPlugin vulnerable to SQL injection

Reported by: hakon.enger@…
Owned by: Martin Scharrer
Priority: normal
Component: ServerSideRedirectPlugin
Severity: major
Keywords:
Cc:
Trac Release: 0.11

Description

I believe the plugin as written is vulnerable to SQL injection attacks. I have attached a proposed fix.

Attachments (1)

serversideredirect.patch (497 bytes) - added by hakon.enger@… 8 years ago.
Proposed fix of possible SQL injection vulnerability

Change History (2)

Changed 8 years ago by hakon.enger@…

Attachment: serversideredirect.patch added

Proposed fix of possible SQL injection vulnerability

comment:1 Changed 8 years ago by Martin Scharrer

Resolution: fixed
Status: new → closed

Thank you so much for the hint and the patch. I applied it to the source in SVN.
