You have MANY SQL injection vulnerabilities in your code. The quick ones I
found are in:
admin/edit.php
admin/add.php
lib/book_search.php
You are using htmlspecialchars() where you should be using
pg_escape_string() instead. You need to look up these two functions to tell
you what the difference is.
AVdeveloper
None
None
Public
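As an added illustration (not the project's code or the reporter's), the pattern the report describes is shown beside the fix it asks for, plus the parameterized form that avoids string escaping altogether. The connection string, the books table and its columns are assumed for the example.

```php
<?php
// Added example, not code from the project or the bug report. Assumes a
// PostgreSQL connection string (PG_DSN, placeholder) and a table books(id, title).
declare(strict_types=1);

const PG_DSN = 'host=localhost dbname=library user=app'; // placeholder DSN

// BEFORE: the pattern the report describes. htmlspecialchars() is an HTML
// output encoder; it knows nothing about SQL string literals. With ENT_COMPAT
// (the default in the PHP versions of the era) a single quote passes through
// untouched and terminates the literal, so the rest of $title is parsed as SQL.
function book_search_broken($db, string $title): string {
    $html_encoded = htmlspecialchars($title, ENT_COMPAT);
    return "SELECT id, title FROM books WHERE title = '$html_encoded'";
}

// FIX 1 (what the report asks for): pg_escape_string() doubles quotes and
// handles backslashes according to the connection's settings, so the value
// stays inside the literal. A legitimate title such as O'Reilly also survives,
// which it does not with the HTML encoder.
function book_search_escaped($db, string $title): string {
    $literal = pg_escape_string($db, $title);
    return "SELECT id, title FROM books WHERE title = '$literal'";
}

// FIX 2 (preferred): keep data out of the SQL text entirely. pg_query_params()
// sends the statement and the values separately, so nothing needs escaping and
// the query text cannot change shape based on user input.
function book_search_params($db, string $title) {
    $sql = 'SELECT id, title FROM books WHERE title = $1';
    return pg_query_params($db, $sql, [$title]);
}

$db = pg_connect(PG_DSN) or exit("connection failed\n");
$title = "O'Reilly"; // ordinary user input containing an apostrophe

echo book_search_broken($db, $title), "\n";  // literal is cut at the apostrophe
echo book_search_escaped($db, $title), "\n"; // one well-formed literal
$res = book_search_params($db, $title);
echo $res === false ? "query failed\n" : pg_num_rows($res) . " row(s)\n";
```

Run against a database with the assumed table; the two echoed statements show how the same input changes the SQL under each approach, and the parameterized query is the one to standardize on.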
Date: 2009-01-16 15:54 This problem has been fixed with the now released version 1.1.
Date: 2009-01-09 14:46 This has now been fixed- for version 1.1 to be released soon.
Date: 2009-01-05 21:17 Started working on v 1.1 which will address this issue. I will also supply
Date: 2009-01-05 19:12 Yes, I'm aware of that... unfortunately it was written a long, long time
Date: 2008-11-04 01:21 Sorry for the typo in my earlier report. You need to use
| Field | Old Value | Date | By |
|---|---|---|---|
| close_date | 2009-01-05 19:12 | 2009-01-16 15:54 | avdeveloper |
| resolution_id | Accepted | 2009-01-16 15:54 | avdeveloper |
| status_id | Pending | 2009-01-16 15:54 | avdeveloper |
| resolution_id | None | 2009-01-09 14:46 | avdeveloper |
| artifact_group_id | v1.0 (example) | 2009-01-07 14:53 | avdeveloper |
| category_id | Interface (example) | 2009-01-07 14:53 | avdeveloper |
| assigned_to | nobody | 2009-01-05 21:17 | avdeveloper |
| close_date | - | 2009-01-05 19:12 | avdeveloper |
| status_id | Open | 2009-01-05 19:12 | avdeveloper |
| priority | 5 | 2008-11-04 01:07 | gnugeek |