Public bug reported:
Some of the SQL queries in the artefact/plans/tools/ directory rely on
sprintf substitution. This is bad as it breaks for things like values
with a single quote as part of the string.
We should do these SQL queries with the normal placeholder substitution
to avoid this breakage and potential security hole.
** Affects: mahara
Importance: High
Assignee: Robert Lyon (robertl-9)
Status: In Progress
** Changed in: mahara
Assignee: (unassigned) => Robert Lyon (robertl-9)
https://bugs.launchpad.net/bugs/1846653
Title:
Need to correctly escape some plans sql queries
Status in Mahara:
In Progress