Opened 8 years ago

Closed 8 years ago

#4713 closed defect (fixed)

ServerSideRedirectPlugin vulnerable to SQL injection

Reported by: hakon.enger@…
Owned by: Martin Scharrer
Priority: normal
Component: ServerSideRedirectPlugin
Severity: major
Keywords:
Cc:
Trac Release: 0.11

Description

I believe the plugin as written is vulnerable to SQL injection attacks. I have attached a proposed fix.

Attachments (1)

serversideredirect.patch (497 bytes) - added by hakon.enger@… 8 years ago.
Proposed fix of possible SQL injection vulnerability

Change History (2)

Changed 8 years ago by hakon.enger@…

Attachment: serversideredirect.patch added

Proposed fix of possible SQL injection vulnerability

comment:1 Changed 8 years ago by Martin Scharrer

Resolution: fixed
Status: new → closed

Thank you so much for the hint and the patch. I applied it to the source in SVN.
