[Koha-bugs] [Bug 10590] in opac-topissues limit param is not protected
bugzilla-daemon at bugs.koha-community.org
Mon Jul 15 16:11:20 CEST 2013
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10590
Robin Sheat <robin at catalyst.net.nz> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|Needs Signoff |Signed Off
--- Comment #6 from Robin Sheat <robin at catalyst.net.nz> ---
(In reply to Fridolyn SOMERS from comment #5)
> (In reply to Robin Sheat from comment #2)
> I did not take the time to hack the system with that but nevertheless it is
> dangerous to keep it as it is.
It is.
> > I don't think your patch goes far enough though: the $limit should be replaced by a '?' as well as being filtered
> You mean ending query with "limit ?" and using execute($limit) ?
> I thought it would not work because limit will be a string : "limit '10'".
It works fine, SQL doesn't really care about the difference between strings and
numbers when working with parameters.
I'm marking this signed off as it's /vital/ that one of these patches goes in,
it'd be best if they both did.
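The change discussed in this thread (filter the limit value and also pass it through a '?' placeholder), as an added example that is not Koha's code or either patch attached to the bug. It assumes DBI with DBD::SQLite and an in-memory database standing in for Koha's; the table `issues_count`, the sub names and the sample rows are hypothetical and constructed for the example.

```perl
#!/usr/bin/perl
# Added example, not Koha code. Table, column and sub names are hypothetical.
use strict;
use warnings;
use DBI qw(:sql_types);

# Constructed data in an in-memory SQLite database (assumes DBD::SQLite).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE issues_count (title TEXT, tot INTEGER)');
my $ins = $dbh->prepare('INSERT INTO issues_count (title, tot) VALUES (?, ?)');
$ins->execute("Title $_", 100 - $_) for 1 .. 20;

# Before: the request value is interpolated, so any text after the number
# becomes part of the SQL statement.
sub top_issues_unsafe {
    my ($limit) = @_;
    return $dbh->selectall_arrayref(
        "SELECT title, tot FROM issues_count ORDER BY tot DESC LIMIT $limit");
}

# After: filter the value to a bounded integer, then bind it to a placeholder.
sub top_issues_safe {
    my ($limit) = @_;
    # Filter: digits only, otherwise fall back to a default of 10.
    $limit = 10 unless defined $limit && $limit =~ /\A[0-9]{1,3}\z/;
    $limit = 100 if $limit > 100;    # upper bound chosen for this example
    my $sth = $dbh->prepare(
        'SELECT title, tot FROM issues_count ORDER BY tot DESC LIMIT ?');
    $sth->bind_param(1, $limit, SQL_INTEGER);    # explicit integer bind
    $sth->execute;
    return $sth->fetchall_arrayref;
}

# Constructed inputs: a normal value, and one carrying extra SQL text.
for my $input ('5', '1 OFFSET 3') {
    my $unsafe = top_issues_unsafe($input);
    my $safe   = top_issues_safe($input);
    printf "limit=%-12s unsafe: %2d row(s), first=%s | safe: %2d row(s), first=%s\n",
        "'$input'", scalar @$unsafe, $unsafe->[0][0],
        scalar @$safe, $safe->[0][0];
}
```

With the second input the interpolated query changes shape (it skips rows), while the filtered and bound version falls back to the default limit and the statement text never varies.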