[Bug 1953] New: remove possible SQL injection attacks
http://bugs.koha.org/cgi-bin/bugzilla/show_bug.cgi?id=1953 Summary: remove possible SQL injection attacks Product: Koha Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: Database AssignedTo: Andrew.moore@liblime.com ReportedBy: Andrew.moore@liblime.com QAContact: koha-bugs@nongnu.org I've found a handful of SQL queries that don't use placeholders and bind variables, but instead have variables passed directly into them. These may allow SQL injection attacks. I plan on refactoring them so that they use placeholders instead. ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact.
participants (1)
-
bugzilla-daemon@pippin.metavore.com