Reviewed:  https://reviews.mahara.org/10395
Committed: https://git.mahara.org/mahara/mahara/commit/5d21a5a5add2aa71da8eddcf6c69bb0f08325545
Submitter: Robert Lyon ([email protected])
Branch:    master

commit 5d21a5a5add2aa71da8eddcf6c69bb0f08325545
Author: Robert Lyon <[email protected]>
Date:   Fri Oct 4 10:16:04 2019 +1300

    Bug 1846653: Fix unsafe plans sql queries

    behatnotneeded

    Change-Id: Ie6bafc19ae6ad865a75538a4cae49019a7df5eb3
    Signed-off-by: Robert Lyon <[email protected]>

--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1846653

Title:
  Need to correctly escape some plans sql queries

Status in Mahara:
  Fix Committed

Bug description:
  Some of the SQL queries in artefact/plans/tools/ directory rely on
  sprintf substitution.

  This is bad as it breaks for things like values with single quote as
  part of the string.

  We should do these SQL queries with the normal placeholder
  substitution to avoid this breakage and potential security hole.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1846653/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~mahara-contributors
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~mahara-contributors
More help   : https://help.launchpad.net/ListHelp

