Re: [Koha-devel] Re: XSS Vulnerabilities in Koha
From: MJ Ray
Subject: Re: [Koha-devel] Re: XSS Vulnerabilities in Koha
Date: Fri, 31 Aug 2007 11:14:26 +0100
User-agent: Heirloom mailx 12.2 01/07/07
Chris Cormack <address@hidden> wrote:
> On 30/08/2007, at 9:47 PM, Rick Welykochy wrote:
> > Which brings to mind another audit: one for SQL injection attacks. I
> > haven't had a close look at the code, but a grep of "->quote(" turns up 102
> > uses in Koha/2.2.9, which leaves one feeling somewhat confident that
> > the problem has been addressed at one stage.
> >
> Yep, if quote isn't used, placeholders (?) are, which achieves the
> same thing.
Is this quote-or-placeholder policy enforced on patch submission now?
I did the original clean-up a few years ago, but I've changed a few
other additions since. It's probably worth double-checking at some
point, but there shouldn't be too many possible flaws.
Regards,
--
MJ Ray - see/vidu http://mjr.towers.org.uk/email.html
Experienced webmaster-developers for hire http://www.ttllp.co.uk/
Also: statistician, sysadmin, online shop builder, workers co-op.
Writing on koha, debian, sat TV, Kewstoke http://mjr.towers.org.uk/
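
One way to double-check the quote-or-placeholder policy discussed in this message mechanically, for instance from a commit hook. This is an added example, not part of the original message and not Koha's own code; the helper name `audit_statement` and the sample statements after `__DATA__` are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: heuristic audit for the quote-or-placeholder policy.
use strict;
use warnings;

# DBI methods that take an SQL string as their first argument.
my $DBI_CALL = qr/->\s*(?:prepare(?:_cached)?|do|select(?:row|all|col)_\w+)\s*\(/;

# Hypothetical helper: classify one line of Perl source.
# Returns undef if the line has no DBI call, 'ok' if nothing suspicious
# was seen, otherwise a short reason for manual review.
sub audit_statement {
    my ($stmt) = @_;
    return undef unless $stmt =~ /$DBI_CALL(.*)/s;
    my $args = $1;

    # Values wrapped in $dbh->quote(...) satisfy the policy; drop them.
    $args =~ s/\$\w+\s*->\s*quote\s*\([^()]*\)//g;

    # A variable interpolated inside a double-quoted SQL string.
    return 'variable interpolated into SQL string'
        if $args =~ /"[^"]*[\$\@]\w[^"]*"/;

    # A variable joined to the SQL string with "." and no quote().
    return 'unquoted variable concatenated into SQL'
        if $args =~ /["']\s*\.\s*\$\w+/ || $args =~ /\$\w+\s*\.\s*["']/;

    return 'ok';
}

# Scan the files named on the command line, or the sample below.
my @lines = @ARGV ? <> : <DATA>;
my ($n, $flagged) = (0, 0);
for my $line (@lines) {
    $n++;
    my $verdict = audit_statement($line);
    next if !defined $verdict || $verdict eq 'ok';
    $flagged++;
    chomp $line;
    print "line $n: $verdict\n    $line\n";
}
exit($flagged ? 1 : 0);    # non-zero exit lets a commit hook reject the patch

# Everything after __DATA__ is constructed sample input, not Koha code.
__DATA__
my $sth = $dbh->prepare("SELECT * FROM borrowers WHERE cardnumber = ?");
my $sth = $dbh->prepare("SELECT * FROM borrowers WHERE surname = " . $dbh->quote($name));
my $sth = $dbh->prepare("SELECT * FROM borrowers WHERE surname = '$name'");
$dbh->do("DELETE FROM issues WHERE itemnumber = " . $item);
$dbh->do("UPDATE items SET notes = ? WHERE itemnumber = ?", undef, $notes, $item);
```

The scan only sees DBI calls whose SQL literal sits on the same line; SQL assembled in a variable beforehand or spread over several lines still needs a manual look.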