View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000155 | Main CAcert Website | source code | public | 2006-03-05 21:03 | 2013-01-14 01:15 |
Field | Value |
---|---|
Reporter | |
Assigned To | |
Priority | normal |
Severity | minor |
Reproducibility | always |
Status | closed |
Resolution | fixed |
Fixed in Version | 2006 |
Summary | 0000155: unparsed variables used in mysql query |
Description | In account/53.php lines 27, 36, 56, 71, 74 and 86, $_REQUEST['regid'] and $_REQUEST['ccid'] are used directly within a mysql_query(). As far as I can see their values are not parsed before. Because magic_quotes_gpc is turned on and there are quotes around the $_REQUEST[] this is currently not a big deal, but for security reasons it should be changed. |
Tags | No tags attached. |
Reviewed by | |
Test Instructions | |
Note | Date | Username | Text |
---|---|---|---|
0000098 | 2006-03-05 21:07 | | Same in account/54.php line 34. |
0000099 | 2006-03-05 21:29 | | OK, found some parsing in includes/account.php but this is confusing and error-prone. Please make sure that it doesn't depend on nine if-constructs which may not cover all cases or might be circumvented by e.g. setting $name to something that is not == htmlentities($name). |
0000101 | 2006-03-05 21:50 | duane | fixed... |
0000105 | 2006-03-06 05:07 | | 1. account/53.php line 19 is missing a ";". Script is currently broken! 2. account/54.php line 34 has not changed. |
0000106 | 2006-03-06 05:08 | | 1. account/53.php line 19 is missing a ";". Script is currently broken! 2. account/54.php line 34 has not changed. |
0000107 | 2006-03-06 09:30 | duane | fixed |
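The change the reporter asks for, shown as an added example that is not code from CAcert's account/53.php or account/54.php: the request value is validated against a digit whitelist and bound as a parameter instead of being pasted into the query text, so correctness no longer rests on magic_quotes_gpc or on a chain of if-constructs. It assumes PDO in place of the old mysql_* functions, constructed table and column names (the real schema is not shown in the report), and an in-memory SQLite database standing in for MySQL so the script runs offline.

```php
<?php
// Added example, not code from CAcert's account/53.php or account/54.php.
// Assumptions: table and column names are constructed for the demo, PDO is
// used instead of the mysql_* extension, and an in-memory SQLite database
// stands in for MySQL; with a mysql: DSN the same code applies unchanged.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE regions (id INTEGER PRIMARY KEY, ccid INTEGER, name TEXT)');
$db->exec("INSERT INTO regions VALUES (1, 1, 'Bavaria'), (2, 1, 'Hessen'), (3, 2, 'Tyrol')");

// The shape the report describes (reconstructed, not the original line): the
// request value is pasted into the query text, so only magic_quotes_gpc keeps
// a quote inside 'regid' from ending the string literal. Not executed here.
function unsafe_query_text(string $regid): string
{
    return "SELECT name FROM regions WHERE id='" . $regid . "'";
}

// Hardened shape: regid and ccid are numeric ids, so accept only a short run
// of digits (a whitelist, not a "does it equal htmlentities()" comparison),
// then bind the value so the driver, not magic_quotes, handles quoting.
function valid_id($value): bool
{
    return is_string($value) && ctype_digit($value) && strlen($value) <= 10;
}

function region_name(PDO $db, $regid, $ccid): ?string
{
    if (!valid_id($regid) || !valid_id($ccid)) {
        return null;                      // rejected before any query runs
    }
    $stmt = $db->prepare('SELECT name FROM regions WHERE id = :id AND ccid = :ccid');
    $stmt->bindValue(':id', (int)$regid, PDO::PARAM_INT);
    $stmt->bindValue(':ccid', (int)$ccid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['name'] : null;
}

// Constructed inputs: a normal id and one carrying a stray quote, as a form
// field or URL parameter could.
echo unsafe_query_text("2'"), "\n";      // the quote lands inside the SQL text
var_dump(region_name($db, '2', '1'));    // looked up through the bound parameters
var_dump(region_name($db, "2'", '1'));   // refused by valid_id(), no query issued
```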
Date Modified | Username | Field | Change |
---|---|---|---|
2006-03-05 21:03 | | New Issue | |
2006-03-05 21:07 | | Note Added: 0000098 | |
2006-03-05 21:29 | | Note Added: 0000099 | |
2006-03-05 21:50 | duane | Status | new => closed |
2006-03-05 21:50 | duane | Note Added: 0000101 | |
2006-03-05 21:50 | duane | Resolution | open => fixed |
2006-03-05 21:50 | duane | Fixed in Version | => production |
2006-03-06 05:07 | | Note Added: 0000105 | |
2006-03-06 05:08 | | Assigned To | => duane |
2006-03-06 05:08 | | Status | closed => needs feedback |
2006-03-06 05:08 | | Resolution | fixed => reopened |
2006-03-06 05:08 | | Note Added: 0000106 | |
2006-03-06 09:30 | duane | Note Added: 0000107 | |
2006-03-06 09:33 | duane | Status | needs feedback => closed |
2006-03-06 09:33 | duane | Resolution | reopened => fixed |
2006-04-24 06:15 | | Assigned To | duane => |
2013-01-14 01:15 | Werner Dworak | Fixed in Version | => 2006 |