Opened 8 years ago

Closed 6 years ago

#3663 closed defect (fixed)

Insecure

Reported by: dsd
Owned by: godiard
Priority: Unspecified by Maintainer
Milestone: Unspecified
Component: Wikipedia
Version: Unspecified
Severity: Minor
Keywords:
Cc:
Distribution/OS: Unspecified
Bug Status: Unconfirmed

Description

wikiserver commit 6ea1a1c78131 adds some custom string handling. This probably works in the " case but isn't great.

You should properly escape the string passed to the query. See the "# Never do this -- insecure!" example at http://docs.python.org/library/sqlite3.html
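
Added example, not part of the original ticket or the wikiserver code: hand-quoting a value into the SQL text next to a bound `?` parameter in Python's sqlite3, with an audit over titles that contain quote characters or collide with a column name. The `articles` table, the sample titles and `lookup_hand_escaped` (a hypothetical stand-in for hand-rolled quote handling; the commit's code is not shown on this page) are assumptions.

```python
import sqlite3

# Constructed sample data; the table, columns and titles are assumptions.
TITLES = ['Chile', 'Rock "n" roll', "O'Higgins", 'title']

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (title TEXT PRIMARY KEY, block INTEGER)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(t, i) for i, t in enumerate(TITLES)])
    return db

def lookup_hand_escaped(db, title):
    # Hypothetical hand-rolled handling: double the '"' character, then
    # paste the value into the SQL text between double quotes.
    # SQLite reads a double-quoted token as a column name first, so the
    # title 'title' ends up comparing the column with itself.
    sql = 'SELECT block FROM articles WHERE title = "%s"' % title.replace('"', '""')
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, title):
    # The value is passed as a bound parameter, so SQLite never parses it
    # as part of the statement, whatever characters it contains.
    cur = db.execute("SELECT block FROM articles WHERE title = ?", (title,))
    return [row[0] for row in cur]

def audit(db, lookup):
    """Return the stored titles that `lookup` fails to map to exactly their own row."""
    bad = []
    for expected, title in enumerate(TITLES):
        try:
            ok = lookup(db, title) == [expected]
        except sqlite3.Error:
            ok = False  # the value broke the statement
        if not ok:
            bad.append(title)
    return bad

if __name__ == "__main__":
    db = make_db()
    print("hand-escaped fails for:", audit(db, lookup_hand_escaped))
    print("bound parameter fails for:", audit(db, lookup_bound))
```

SQLite builds that reject double-quoted string literals make the hand-escaped lookup fail for every title rather than only for `title`; the bound version behaves the same on both.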

Change History (1)

comment:1 Changed 6 years ago by godiard

  • Resolution set to fixed
  • Status changed from new to closed

Fixed on Wikipedia 37.
