Opened 8 years ago

Closed 8 years ago

#4713 closed defect (fixed)

ServerSideRedirectPlugin vulnerable to SQL injection

Reported by: hakon.enger@…
Owned by: martin_s
Priority: normal
Component: ServerSideRedirectPlugin
Severity: major
Keywords:
Cc:
Trac Release: 0.11


I believe the plugin as written is vulnerable to SQL injection attacks. I have attached a proposed fix.

Attachments (1)

serversideredirect.patch (497 bytes) - added by hakon.enger@… 8 years ago.
Proposed fix of possible SQL injection vulnerability

Change History (2)

Changed 8 years ago by hakon.enger@…

Proposed fix of possible SQL injection vulnerability

comment:1 Changed 8 years ago by martin_s

  • Resolution set to fixed
  • Status changed from new to closed

Thank you so much for the hint and the patch. I applied it to the source in SVN.
