On 31/08/2007, at 10:14 PM, MJ Ray wrote:
> Chris Cormack <[EMAIL PROTECTED]> wrote:
>> On 30/08/2007, at 9:47 PM, Rick Welykochy wrote:
>>> Which brings to mind another audit: one for SQL injection attacks. I
>>> haven't had a close look at the code, but a grep of "->quote(" turns
>>> up 102 uses in Koha/2.2.9, which leaves one feeling somewhat confident
>>> that the problem has been addressed at one stage.
>>
>> Yep, if quote isn't used, placeholders (?) are, which achieves the
>> same thing.
>
> Is this quote-or-placeholder policy enforced on patch submission now?

While I'm serving as QA it will be :)

> I did the original clean-up a few years ago, but I've changed a few
> other additions since. It's probably worth double-checking at some
> point, but there shouldn't be too many possible flaws.

Yep, checking can never hurt

Chris
--
Chris Cormack [EMAIL PROTECTED]
VP Research and Development www.liblime.com
LibLime +64 21 542 131
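
The quote-or-placeholder policy discussed in this thread can be checked mechanically on a patch rather than inferred from a count of "->quote(" hits. The following is an added example, not code from Koha or from the posters: the function name `audit` is hypothetical, the regexes are heuristics that still need human review, and the Perl sample lines are constructed.

```python
import re

# Double-quoted Perl string literal that starts with an SQL verb.
SQL_STRING = re.compile(
    r'"((?:SELECT|INSERT|UPDATE|DELETE)\b(?:[^"\\]|\\.)*)"', re.I)
# Variable interpolated directly into the literal: "... = $id".
INTERPOLATED = re.compile(r'(?<!\\)[$@]\w+')
# Variable concatenated after the literal, unless it is the handle of a
# ->quote( call: ". $dbh->quote($x)" passes, ". $x" does not.
CONCATENATED = re.compile(r'\.\s*(\$\w+)\b(?!\s*->\s*quote\s*\()')

def audit(perl_source):
    """Return (line, variable, reason) for each value that reaches SQL text
    without going through quote() or a placeholder."""
    findings = []
    for m in SQL_STRING.finditer(perl_source):
        line = perl_source.count("\n", 0, m.start()) + 1
        for var in INTERPOLATED.findall(m.group(1)):
            findings.append((line, var, "interpolated into SQL string"))
        # Rest of the statement, up to the terminating semicolon.
        end = perl_source.find(";", m.end())
        tail = perl_source[m.end():end if end != -1 else len(perl_source)]
        for var in CONCATENATED.findall(tail):
            findings.append((line, var, "concatenated without quote()"))
    return findings

# Constructed sample lines for illustration, not taken from the Koha source.
SAMPLE = '''\
my $sth = $dbh->prepare("SELECT * FROM borrowers WHERE cardnumber = ?");
$sth->execute($cardnumber);
my $q = "SELECT * FROM items WHERE barcode = " . $dbh->quote($barcode);
$dbh->do("DELETE FROM issues WHERE itemnumber = $itemnumber");
my $r = "SELECT title FROM biblio WHERE author = '" . $author . "'";
'''

if __name__ == "__main__":
    for line, var, reason in audit(SAMPLE):
        print(f"line {line}: {var} {reason}")
```

Interpolated table or column names are flagged too, since neither quote() nor a placeholder covers identifiers; those hits need a manual look.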