Ticket #1087 (closed defect: fixed)

Opened 19 months ago

Last modified 12 months ago

SQL Injection possibilities

Reported by: ischommer Owned by: mlanthaler
Priority: blocker Milestone: Forum 0.1.2-rc1
Component: Modules - forum Version:
Severity: medium effort / impact Keywords:
Cc: Hours:

Description 

//ForumMemberProfile.php
function doregister($data, $form) {
		if($member = DataObject::get_one("Member","`Email` = '{$data['Email']}'")) {

$data isn't SQL-safe, you need to do 

$SQL_data = Convert::raw2sql($data);

please check if there are other occurances of this problem :)

Change History

Changed 18 months ago by mpeel

email test

Changed 13 months ago by sminnee

  • priority changed from critical to blocker
  • harvest_task set to (Unknown)
  • invoice_sent set to 0

Changed 13 months ago by sminnee

  • milestone set to Forum 0.2

Changed 12 months ago by mlanthaler

  • owner changed from mpeel to mlanthaler
  • status changed from new to assigned

Changed 12 months ago by mlanthaler

  • status changed from assigned to closed
  • resolution set to fixed

Changed 12 months ago by sminnee

Fixed in r45578, r45580, r45581, r45582

Markus - could you please note down the changesets that fixed an issue in the ticket comments :-). If you put an r at the front then it automatically becomes a link.

Changed 12 months ago by mlanthaler

Yes of course.. sorry I forgot that this time!

Note: See TracTickets for help on using tickets.