On 31/08/2007, at 10:14 PM, MJ Ray wrote:
Chris Cormack <crc@liblime.com> wrote:
On 30/08/2007, at 9:47 PM, Rick Welykochy wrote:
Which brings to mind another audit: one for SQL injection attacks. I haven't had a close at the code, but a grep of "->quote(" turns up 102 uses in Koha/2.2.9, which leaves one feeling somewhat confident that the problem has been addressed at one stage.
Yep, if quote isn't used place holders (?) are, which achieves the same thing.
Is this quote-or-placeholder policy enforced on patch submission now?
While I'm serving as QA it will be :)
I did the original clean-up a few years ago, but I've changed a few other additions since. It's probably worth double-checking at some point, but there shouldn't be too many possible flaws.
Yep, checking can never hurt Chris -- Chris Cormack chris.cormack@liblime.com VP Research and Development www.liblime.com LibLime +64 21 542 131