[Koha-bugs] [Bug 9458] Add sorting to lists
bugzilla-daemon at bugs.koha-community.org
Tue Feb 26 16:36:08 CET 2013
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9458
--- Comment #23 from Kyle M Hall <kyle at bywatersolutions.com> ---
Good catch! We cannot use a placeholder for ORDER BY fields, but we *can*
escape it using quote_identifier to ensure it cannot be used for SQL injection
attacks. I've attached a second followup to add this.
(In reply to comment #21)
> I am concerned about the way $sortfield is included directly in the query.
> Does it provide an SQL injection vector?
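The ORDER BY handling discussed in this message, as an added example that is not part of the original mail or Koha's own code: it quotes the sort column with DBI's `quote_identifier` and goes one step further by checking it against an allowlist first. It assumes DBD::SQLite is installed; the table `list_items`, the `%SORTABLE` hash and `sorted_titles` are hypothetical names.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database stands in for
# the real one. Table, columns and rows are constructed for this example.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 } );
$dbh->do('CREATE TABLE list_items (title TEXT, author TEXT, list_id INTEGER)');
my $ins = $dbh->prepare('INSERT INTO list_items VALUES (?, ?, ?)');
$ins->execute(@$_) for ( [ 'Zebra', 'Adams', 1 ], [ 'Apple', 'Young', 1 ] );

# Columns a caller may sort on. Anything else falls back to the default.
my %SORTABLE = map { $_ => 1 } qw(title author);

sub sorted_titles {
    my ( $list_id, $sortfield ) = @_;
    $sortfield = 'title' unless defined $sortfield && $SORTABLE{$sortfield};

    # ORDER BY takes an identifier, not a value, so it cannot be bound with "?".
    # quote_identifier wraps the name in the driver's quote character and
    # doubles any embedded quote, so the input stays a single identifier.
    my $order = $dbh->quote_identifier($sortfield);

    # The list id is a value and is still bound as a placeholder.
    my $rows = $dbh->selectcol_arrayref(
        "SELECT title FROM list_items WHERE list_id = ? ORDER BY $order",
        undef, $list_id );
    return @$rows;
}

print join( ', ', sorted_titles( 1, 'title' ) ),  "\n";    # sorted by title
print join( ', ', sorted_titles( 1, 'author' ) ), "\n";    # sorted by author

# Constructed hostile input: rejected by the allowlist, default sort is used.
my $hostile = 'title; DROP TABLE list_items';
print join( ', ', sorted_titles( 1, $hostile ) ), "\n";

# What quoting alone does with the same input: one quoted identifier.
print $dbh->quote_identifier($hostile), "\n";
```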