From: Ulf E. <ulf...@fa...> - 2005-02-22 21:16:11
* Ulf Erikson [2005-02-20 19:47]:
> Are the security issues mentioned earlier really fixed?
> http://sourceforge.net/mailarchive/forum.php?thread_id=4376593&forum_id=3188
>
> The patch I find that addresses this is:
> http://cvs.sourceforge.net/viewcvs.py/phpbt/phpbt/bug.php?view=log#rev1.134.2.3
>
> It seems to check that bugid is an integer and it quotes a few SQL
> queries. Still, everything in inc/db/*.php is unquoted queries. My
> feeling is that one can still issue SQL queries from remote by sending
> faked forms. (Simply adding commands to the URL by hand, or using scripts
> like these instead of using the intended web form.)

Sorry. The inc/db/*.php thing is probably not that bad. There are some quotes, and you do quote strings by db->quote() and cast text that should be numbers to int when using queries out of the $QUERY array. If nothing is missed, that should be good enough (as far as I understand it).
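The two mitigations discussed in this thread (casting a numeric parameter such as bugid to int, and passing string parameters through db->quote()) are easy to see in isolation. The script below is an added example written for this page, not code from phpBugTracker: it builds a throwaway SQLite database through PDO, runs the same forged inputs a client could put in the URL instead of the web form through an unquoted query and through the hardened one, and counts the rows each returns. The table, rows, function names and forged values are all constructed for the demo; PDO::quote() stands in for the project's db->quote().

```php
<?php
// Added example (not phpBT code): why the bug.php fix needs both an int
// cast for bugid and quoting for string values.  Everything here is
// constructed for the demo; the database lives only in memory.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bug (bug_id INTEGER PRIMARY KEY, title TEXT, reporter TEXT)');
$db->exec("INSERT INTO bug VALUES (1, 'Crash on login', 'alice')");
$db->exec("INSERT INTO bug VALUES (2, 'Private: credentials in log', 'root')");

// Vulnerable pattern: the request value is pasted into the SQL as-is.
function bug_by_id_unsafe(PDO $db, $bugid) {
    $sql = "SELECT bug_id, title FROM bug WHERE bug_id = $bugid";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened numeric parameter: cast to int first, as the patch does for
// bugid.  PHP's (int) cast keeps only the leading digits, so the rest of
// the forged value never reaches the query.
function bug_by_id_safe(PDO $db, $bugid) {
    $bugid = (int) $bugid;
    $sql = "SELECT bug_id, title FROM bug WHERE bug_id = $bugid";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Vulnerable string parameter: quotes in the input close the literal.
function bugs_by_reporter_unsafe(PDO $db, $reporter) {
    $sql = "SELECT bug_id, title FROM bug WHERE reporter = '$reporter'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened string parameter: the driver's quote() (the equivalent of
// $db->quote() in inc/db/*.php) wraps the value in quotes and escapes any
// quote characters inside it, so the whole input stays one literal.
function bugs_by_reporter_safe(PDO $db, $reporter) {
    $quoted = $db->quote($reporter);
    $sql = "SELECT bug_id, title FROM bug WHERE reporter = $quoted";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Inputs a client can send by editing the URL instead of using the form
// (constructed for the demo).
$forged_id       = '1 OR 1=1';
$forged_reporter = "alice' OR '1'='1";

printf("unsafe bugid:    %d rows\n", count(bug_by_id_unsafe($db, $forged_id)));
printf("int-cast bugid:  %d rows\n", count(bug_by_id_safe($db, $forged_id)));
printf("unsafe reporter: %d rows\n", count(bugs_by_reporter_unsafe($db, $forged_reporter)));
printf("quoted reporter: %d rows\n", count(bugs_by_reporter_safe($db, $forged_reporter)));
```

Run it with the PDO SQLite extension enabled (`php demo.php`). Through the unquoted functions both forged values widen the WHERE clause to every row in the table; through the hardened ones the int cast reduces `1 OR 1=1` to the single bug 1 and the quoted reporter string matches no row, because it is compared as one literal rather than parsed as SQL. The caveat in the thread applies here too: this discipline only works if every query path does it, which is why prepared statements with bound parameters are the less error-prone long-term choice.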