List: squirrelmail-cvs
Subject: [SM-CVS] CVS: squirrelmail/functions abook_database.php,1.15.2.1,1.15.2.2
From: Marc Groot Koerkamp <stekkel () users ! sourceforge ! net>
Date: 2004-04-27 19:20:20
Message-ID: E1BIY7w-0003CA-JI () sc8-pr-cvs1 ! sourceforge ! net
Update of /cvsroot/squirrelmail/squirrelmail/functions
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12078
Modified Files:
Tag: SM-1_4-STABLE
abook_database.php
Log Message:
SQL injection fix. This is serious I think.
Index: abook_database.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/functions/abook_database.php,v
retrieving revision 1.15.2.1
retrieving revision 1.15.2.2
diff -u -w -r1.15.2.1 -r1.15.2.2
--- abook_database.php 24 Feb 2004 15:57:14 -0000 1.15.2.1
+++ abook_database.php 27 Apr 2004 19:20:18 -0000 1.15.2.2
@@ -163,7 +163,7 @@
}
$query = sprintf("SELECT * FROM %s WHERE owner='%s' AND nickname='%s'",
- $this->table, $this->owner, $alias);
+ $this->table, $this->owner, $this->dbh->quoteString($alias));
$res = $this->dbh->query($query);
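Review bot: In the changed sprintf() argument line, only $alias is escaped; $this->owner is still interpolated raw into owner='%s' in the same query. If owner can carry user-influenced data such as the login name, it should go through $this->dbh->quoteString() here as well, or the statement should move to bound parameters so no value is spliced into the SQL text. The format string keeps its own single quotes around %s, so this also depends on quoteString() returning the escaped value without adding delimiters; that is worth confirming for the DB backends in use. Only this one lookup is touched, so the other queries in abook_database.php that build SQL from caller-supplied values deserve the same check.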
--
squirrelmail-cvs mailing list
List Address: squirrelmail-cvs@lists.sourceforge.net
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-cvs
http://squirrelmail.org/cvs