Menu

#568 Advanced Search errors out if a URL segment is empty or invalid

v1.0 (example)
closed-fixed
Ahasuerus
None
5
2015-03-12
2015-03-12
Ahasuerus
No

Advanced Search errors out if a URL segment is empty or invalid. This doesn't create a SQL injection vulnerability because the data is properly escaped, but it causes a MySQL syntax error.

Discussion

  • Ahasuerus

    Ahasuerus - 2015-03-12
    • status: open --> closed-fixed
     

  • Ahasuerus

    Ahasuerus - 2015-03-12

    Fixed in:

    edit/aa_search.py 1.25
edit/ap_search.py 1.23
edit/pa_search.py 1.24
edit/pp_search.py 1.25
edit/ta_search.py 1.25
edit/tableInfoClass.py 1.16

    Installed in r2015-068 on 2015-03-11. Closing.

     

Anonymous
Anonymous

Add attachments
Cancel





MongoDB Logo MongoDB