Lucas_Werkmeister_WMDE added a comment.
> That looks like a recipe for an SQL injection, how did this pass security review?
I should’ve been clearer – this is in Database::selectSQLText. That’s the one place where code like this would be expected, right? (Assuming that all the variables have been sanitized properly before.)
To: Lucas_Werkmeister_WMDE
Cc: greg, Ladsgroup, jcrespo, Marostegui, TerraCodes, Stashbot, Liuxinyu970226, Jonas, Aklapper, gerritbot, Lucas_Werkmeister_WMDE, Giuliamocci, Adrian1985, Cpaulf30, Lahi, Gq86, Baloch007, Darkminds3113, Lordiis, GoranSMilovanovic, Adik2382, Th3d3v1ls, Ramalepe, Liugev6, QZanden, HJiang-WMF, LawExplorer, Lewizho99, Maathavan, Agabi10, dpatrick, Luke081515, Wikidata-bugs, aude, GWicke, Bawolff, Stype_and_Co.-WMF, Jalexander, ArielGlenn, Parent5446, Anomie, Grunny, He7d3r, csteipp, Mbch331, Jay8g, Legoktm, mmodell
_______________________________________________ Wikidata-bugs mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
