mahara-contributors team mailing list archive

Thread
Date

[Bug 1846653] A change has been merged

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Mahara Bot <1846653@xxxxxxxxxxxxxxxxxx>
Date: Thu, 03 Oct 2019 22:44:02 -0000
Reply-to: Bug 1846653 <1846653@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://reviews.mahara.org/10395
Committed: https://git.mahara.org/mahara/mahara/commit/5d21a5a5add2aa71da8eddcf6c69bb0f08325545
Submitter: Robert Lyon (robertl@xxxxxxxxxxxxxxx)
Branch:    master

commit 5d21a5a5add2aa71da8eddcf6c69bb0f08325545
Author: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
Date:   Fri Oct 4 10:16:04 2019 +1300

Bug 1846653: Fix unsafe plans sql queries

behatnotneeded

Change-Id: Ie6bafc19ae6ad865a75538a4cae49019a7df5eb3
Signed-off-by: Robert Lyon <robertl@xxxxxxxxxxxxxxx>

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1846653

Title:
  Need to correctly escape some plans sql queries

Status in Mahara:
  Fix Committed

Bug description:
  Some of the SQL queries in artefact/plans/tools/ directory rely on
  sprintf substitution. This is bad as it breaks for things like values
  with single quote as part of the string.

  We should do these SQL queries with the normal placeholder
  substitution to avoid this breakage and potential security hole.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1846653/+subscriptions

References

[Bug 1846653] [NEW] Need to correctly escape some plans sql queries
From: Robert Lyon, 2019-10-03