
List:       squirrelmail-cvs
Subject:    [SM-CVS] CVS: squirrelmail/functions abook_database.php,1.15.2.1,1.15.2.2
From:       Marc Groot Koerkamp <stekkel () users ! sourceforge ! net>
Date:       2004-04-27 19:20:20
Message-ID: E1BIY7w-0003CA-JI () sc8-pr-cvs1 ! sourceforge ! net

Update of /cvsroot/squirrelmail/squirrelmail/functions
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12078

Modified Files:
      Tag: SM-1_4-STABLE
	abook_database.php 
Log Message:
SQL injection fix. This is serious I think.


Index: abook_database.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/functions/abook_database.php,v
retrieving revision 1.15.2.1
retrieving revision 1.15.2.2
diff -u -w -r1.15.2.1 -r1.15.2.2
--- abook_database.php	24 Feb 2004 15:57:14 -0000	1.15.2.1
+++ abook_database.php	27 Apr 2004 19:20:18 -0000	1.15.2.2
@@ -163,7 +163,7 @@
         }
          
         $query = sprintf("SELECT * FROM %s WHERE owner='%s' AND nickname='%s'",
-                         $this->table, $this->owner, $alias);
+                         $this->table, $this->owner, $this->dbh->quoteString($alias));
 
         $res = $this->dbh->query($query);
 
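Review bot: the fix escapes only the third `%s` argument, `$alias`, while `$this->owner` is still interpolated into `owner='%s'` on the same `sprintf` line without going through `$this->dbh->quoteString()`. Even if the owner value is normally taken from the authenticated username rather than from request input, passing it through the same escaping call costs nothing and keeps every value that lands inside a quoted SQL literal treated the same way, so consider `$this->table, $this->dbh->quoteString($this->owner), $this->dbh->quoteString($alias)`. Note also that `quoteString()` only escapes the contents; the surrounding single quotes must stay in the format string as they do here, and any other `sprintf`-built query in this file that interpolates a nickname or other caller-supplied value (not visible in this hunk) needs the same treatment for the fix to be complete.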



--
squirrelmail-cvs mailing list
List Address: squirrelmail-cvs@lists.sourceforge.net
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-cvs
http://squirrelmail.org/cvs