Menu

#568 Advanced Search errors out if a URL segment is empty or invalid

v1.0 (example)
closed-fixed
None
5
2015-03-12
2015-03-12
Ahasuerus
No

Advanced Search errors out if a URL segment is empty or invalid. This doesn't create a SQL injection vulnerability because the data is properly escaped, but it causes a MySQL syntax error.

Discussion

  • Ahasuerus

    Ahasuerus - 2015-03-12
    • status: open --> closed-fixed
     
  • Ahasuerus

    Ahasuerus - 2015-03-12

    Fixed in:

    edit/aa_search.py 1.25
    edit/ap_search.py 1.23
    edit/pa_search.py 1.24
    edit/pp_search.py 1.25
    edit/ta_search.py 1.25
    edit/tableInfoClass.py 1.16
    

    Installed in r2015-068 on 2015-03-11. Closing.

     

Anonymous
Anonymous

Add attachments
Cancel





MongoDB Logo MongoDB