
mahara-contributors team mailing list archive

[Bug 1846653] A patch has been submitted for review

 

Patch for "master" branch: https://reviews.mahara.org/10395

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1846653

Title:
  Need to correctly escape some plans sql queries

Status in Mahara:
  In Progress

Bug description:
  Some of the SQL queries in the artefact/plans/tools/ directory rely on
  sprintf substitution. This is bad as it breaks for things like values
  with a single quote as part of the string.

  We should do these SQL queries with the normal placeholder
  substitution to avoid this breakage and potential security hole.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1846653/+subscriptions
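
The breakage described in the bug, shown next to the placeholder form, as an added example that is not taken from Mahara's code or from the patch under review. It uses PDO with an in-memory SQLite database instead of Mahara's database layer; the `plan` table, its columns and both function names are hypothetical.

```php
<?php
// Added illustration, not Mahara code. Table, columns and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE plan (id INTEGER PRIMARY KEY, owner INTEGER, title TEXT)');
// Constructed sample rows; the doubled quote is SQL escaping for "Year's goals".
$db->exec("INSERT INTO plan (owner, title) VALUES
           (1, 'Term goals'), (1, 'Year''s goals'), (2, 'Private plan')");

// Before: the value is pasted into the SQL text with sprintf(), so the
// database parses it as part of the statement.
function find_plans_sprintf(PDO $db, int $owner, string $title): array {
    $sql = sprintf(
        "SELECT id, title FROM plan WHERE owner = %d AND title = '%s'",
        $owner,
        $title
    );
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the SQL text is constant and the values are bound to placeholders,
// so they are only ever treated as data.
function find_plans_placeholder(PDO $db, int $owner, string $title): array {
    $stmt = $db->prepare('SELECT id, title FROM plan WHERE owner = ? AND title = ?');
    $stmt->execute([$owner, $title]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$title = "Year's goals"; // constructed value containing a single quote

try {
    find_plans_sprintf($db, 1, $title);
    echo "sprintf: query ran\n";
} catch (PDOException $e) {
    // The quote closes the string literal early and the statement no longer parses.
    echo "sprintf: query failed: ", $e->getMessage(), "\n";
}

$rows = find_plans_placeholder($db, 1, $title);
echo "placeholder: ", count($rows), " row(s), title = ", $rows[0]['title'], "\n";
```

The syntax error in the first call is the visible symptom; the underlying cause, user-supplied text being parsed as SQL, is what makes the sprintf form a potential security hole as well as a bug.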

