The PHP app is a walking SQL injection
--------------------------------------
Key: OLIO-152
URL: https://issues.apache.org/jira/browse/OLIO-152
Project: Olio
Issue Type: Bug
Components: php-app
Affects Versions: 0.2
Reporter: John C McCullough
Assignee: Shanti Subramanyam
No SQL statement escaping is done and users can walk all over the database.
Entering user lol'; update PERSON set firstname='sqlparty'
changes all of the firstnames in the database.
Entering user '; drop table
is worse
I haven't looked at the Java or Rails versions.
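
Added example, not part of the original report and not Olio's code: the string-concatenation pattern the report describes next to a parameterized query, with a regression check that feeds in the first input quoted above. It assumes PDO with an in-memory SQLite database; the username column, the sample rows and all function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the database. Only the PERSON table and its
// firstname column come from the report; username is an assumption.
function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE PERSON (username TEXT PRIMARY KEY, firstname TEXT)');
    $ins = $db->prepare('INSERT INTO PERSON (username, firstname) VALUES (?, ?)');
    foreach ([['alice', 'Alice'], ['bob', 'Bob']] as $row) {
        $ins->execute($row);
    }
    return $db;
}

// Pattern the report describes: input pasted into the statement text, so a
// quote in $user ends the string literal and the rest is parsed as SQL.
function unsafeSql(string $user): string {
    return "SELECT firstname FROM PERSON WHERE username = '$user'";
}

// Hardened form: fixed statement text, value sent as a bound parameter.
function findFirstname(PDO $db, string $user): ?string {
    $stmt = $db->prepare('SELECT firstname FROM PERSON WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

function check(bool $ok, string $what): void {
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
    echo "ok: $what\n";
}

// Regression check with the first input quoted in the report.
$db = makeDb();
$input = "lol'; update PERSON set firstname='sqlparty'";
echo unsafeSql($input), "\n"; // shows the literal closing early
check(findFirstname($db, $input) === null, 'input matched no user');
$db->prepare('INSERT INTO PERSON (username, firstname) VALUES (?, ?)')
   ->execute([$input, 'Lol']); // stored verbatim as a username
check(findFirstname($db, $input) === 'Lol', 'input round-trips as data');
$names = $db->query('SELECT firstname FROM PERSON ORDER BY username')
            ->fetchAll(PDO::FETCH_COLUMN);
check($names === ['Alice', 'Bob', 'Lol'], 'existing firstnames unchanged');
```

A check like this can be kept as a regression test for every query in the app that takes user input, so a later change that reintroduces string concatenation fails the build.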