On Fri, Oct 18, 2013 at 5:10 PM, Marcos García <address@hidden> wrote:
I think we all knew about this vulnerabilities... And if not, we have been warned about them months ago...But it is great that you fixed them.
But I hoever do not understand well if they are fixed or just they have a temporary hact to prvent them , but as the text states which doesnt work in all situations ?
Rgds
Saxa
Regards,
2013/10/18 Doursenaud, Raphaël <address@hidden>_______________________________________________It also says "However, their sanitization methods were not fixed, and no mention was made on a future patch. Other SQLi vectors are likely." in the introduction.We should think about converting the source code to use parametrized queries. Maybe in a 4.0 branch ?What's your opinion ?--Raphaël Doursenaud05 35 53 97 13 - 06 68 48 20 10
Technopole Hélioparc2 avenue du Président Pierre Angot64053 PAU CEDEX 9SARL GPC.solutions au capital de 7 500 € - R.C.S. PAU 528 995 921
Dolibarr-dev mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/dolibarr-dev
_______________________________________________
Dolibarr-dev mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/dolibarr-dev