This will also not allow SQL injection in user-level applications if they
use (!(??)!) in SQL.

** Changed in: aikiframework
   Importance: Undecided => Medium

** Changed in: aikiframework
       Status: New => Confirmed

** Changed in: aikiframework
    Milestone: None => 0.9.1

-- 
You received this bug notification because you are a member of Aiki
Framework Developers, which is subscribed to aikiframework.
https://bugs.launchpad.net/bugs/951377

Title:
  the parser does not escape parts of the URL before using them as db
  arguments

Status in Aiki Framework:
  Confirmed

Bug description:
  I need someone to confirm this.

  Just looking at Engine_aiki.php I can't see anywhere that the URL
  arguments like '(!(1)!)' are getting escaped before being combined
  into a complete SQL query.

  I just noticed that if I have a part of my URL that contains a ' then
  it breaks the SQL query and I get no output for that widget.

  If I have a URL that looks like this:

  article/Article-One-('My'-Article)

  SELECT * FROM blog_posts WHERE title = '(!(1)!)'

  then I'm pretty sure the normal_select ends up as:

  SELECT * FROM blog_posts WHERE title = 'Article-One-('My'-Article)'

  and not:

  SELECT * FROM blog_posts WHERE title = 'Article-One-(\'My\'-Article)'
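The following is an added illustration, not code from Aiki Framework or from the reporter: it takes the `(!(1)!)` template and the `blog_posts` query from the report above, shows the naive string substitution the reporter suspects (the quote in the URL segment ends up as SQL syntax and the query fails, which matches the empty-widget symptom), and then shows the fix a reviewer would want, where each `(!(N)!)` placeholder, with the quotes around it, becomes a positional `?` and the URL segment is bound through PDO. The function names, the in-memory SQLite database and the sample row are assumptions made for the example; it assumes the `pdo_sqlite` extension and that URL segments have already been percent-decoded.

```php
<?php
// Added example, not Aiki Framework code. Template syntax "(!(N)!)" and the
// blog_posts query come from the bug report; function names are hypothetical.
declare(strict_types=1);

// Naive substitution, as the report describes: the raw URL segment is pasted
// into the quoted literal, so a single quote in the segment breaks the query.
function naiveSelect(string $template, array $args): string
{
    return preg_replace_callback(
        '/\(!\((\d+)\)!\)/',
        fn(array $m) => $args[(int)$m[1] - 1] ?? '',
        $template
    );
}

// Safe variant: each "(!(N)!)" placeholder, together with the quotes the
// template author wrapped around it, becomes a positional "?" and the URL
// segment is collected for binding, so quotes in the URL stay data.
function prepareTemplate(string $template, array $args): array
{
    $bound = [];
    $sql = preg_replace_callback(
        "/'?\(!\((\d+)\)!\)'?/",
        function (array $m) use ($args, &$bound): string {
            $bound[] = $args[(int)$m[1] - 1] ?? '';
            return '?';
        },
        $template
    );
    return [$sql, $bound];
}

function safeSelect(PDO $db, string $template, array $args): array
{
    [$sql, $bound] = prepareTemplate($template, $args);
    $stmt = $db->prepare($sql);
    $stmt->execute($bound);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data: in-memory SQLite with one post whose title
// contains single quotes (doubled here because this literal is hand-written).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blog_posts (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO blog_posts (title, body) VALUES ('Article-One-(''My''-Article)', 'hello')");

$template = "SELECT * FROM blog_posts WHERE title = '(!(1)!)'";
// The URL from the report, split on '/' with the leading 'article' segment dropped.
$url  = "article/Article-One-('My'-Article)";
$args = array_slice(explode('/', $url), 1);

echo "naive SQL: ", naiveSelect($template, $args), "\n";
try {
    $db->query(naiveSelect($template, $args));
} catch (PDOException $e) {
    // This is the failure behind the empty widget: the quote became SQL syntax.
    echo "naive query failed: ", $e->getMessage(), "\n";
}

[$sql, $bound] = prepareTemplate($template, $args);
echo "prepared SQL: $sql with ", json_encode($bound), "\n";
print_r(safeSelect($db, $template, $args)); // finds the row, quotes intact
```

Binding the segment rather than escaping it also covers database drivers whose escaping rules differ from `addslashes`-style backslash quoting, which is why the prepared form is preferable to inserting `\'` by hand as in the last query above.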

To manage notifications about this bug go to:
https://bugs.launchpad.net/aikiframework/+bug/951377/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~aikiframework-devel
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~aikiframework-devel
More help   : https://help.launchpad.net/ListHelp
