fix(security) cp2foss SQL injection vulnerability

Description

fix(security) cp2foss SQL injection vulnerability

Two SQL queries in the cp2foss utility insert variables into the SQL string, which creates an SQL injection vulnerability. This PR converts those queries into prepared statements using DbManager. SELECT * has also been replaced with SELECT <fields> for efficiency.

removing unnecessary str_replace

committed by @timurphy as PR #665
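
The pattern the commit message describes, as an added example that is not part of the commit or of FOSSology's code: it uses Python's `sqlite3` in place of PHP and DbManager, and the `folder` table, its columns and both lookup functions are hypothetical. It contrasts a query built by string interpolation with the same lookup as a parameterized statement that names its columns.

```python
import sqlite3

def make_db():
    """Constructed sample data: a hypothetical folder table, not FOSSology's schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE folder (folder_pk INTEGER PRIMARY KEY, "
               "folder_name TEXT, folder_desc TEXT)")
    db.executemany("INSERT INTO folder (folder_name, folder_desc) VALUES (?, ?)",
                   [("Software Repository", "top folder"),
                    ("private", "restricted uploads")])
    return db

def lookup_interpolated(db, name):
    # 'Before' pattern: the variable becomes part of the SQL text, so a
    # quote character in `name` changes the structure of the query.
    sql = "SELECT * FROM folder WHERE folder_name = '%s'" % name
    return db.execute(sql).fetchall()

def lookup_prepared(db, name):
    # 'After' pattern: fixed SQL text with a placeholder and an explicit
    # column list; `name` is bound as data and never parsed as SQL.
    sql = "SELECT folder_pk, folder_name FROM folder WHERE folder_name = ?"
    return db.execute(sql, (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("interpolated rows:", len(lookup_interpolated(db, crafted)))
    print("prepared rows:    ", len(lookup_prepared(db, crafted)))
    print("prepared, O'Brien:", lookup_prepared(db, "O'Brien"))
```

A legitimate value containan apostrophe, such as `O'Brien`, makes the interpolated query fail with a syntax error, so the parameterized form fixes a correctness bug as well as the injection.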

Details

Provenance
Tim Murphy <tim.murphy@nicta.com.au> Authored on Apr 6 2016, 10:27 AM
Maximilian Huber <maximilian.huber@tngtech.com> Committed on Apr 6 2016, 10:27 AM
ardumont Pushed on Feb 10 2021, 2:15 PM
Parents
rPFNb2e2adc0f745: Update Changes.md for 3.1.0-RC1
Branches
Unknown
Tags
Unknown