Opened 11 years ago
Closed 10 years ago
#3663 closed defect (fixed)
Insecure
Reported by: | dsd | Owned by: | godiard |
---|---|---|---|
Priority: | Unspecified by Maintainer | Milestone: | Unspecified |
Component: | Wikipedia | Version: | Unspecified |
Severity: | Minor | Keywords: | |
Cc: | | Distribution/OS: | Unspecified |
Bug Status: | Unconfirmed | | |
Description
wikiserver commit 6ea1a1c78131 adds some custom string handling. This probably works in the " case but isn't great.
You should properly escape the string passed to the query. See the "# Never do this -- insecure!" example at http://docs.python.org/library/sqlite3.html
Change History (1)
comment:1 Changed 10 years ago by godiard
- Resolution set to fixed
- Status changed from new to closed
Fixed on Wikipedia 37.
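
The contrast the description draws, between hand-written string handling and the parameter binding shown in the linked sqlite3 documentation, as an added example that is not wikiserver's code. The `articles` table, the function names and the sample titles are constructed, and the hand-rolled cleanup is a hypothetical stand-in, not the logic from commit 6ea1a1c78131.

```python
import sqlite3

# Constructed sample data: article titles that contain quote characters.
SAMPLE_ARTICLES = [
    ("Ohm's law", "V = I * R"),
    ('The "Times"', "A newspaper"),
    ("Plain title", "Nothing special"),
]


def make_db():
    """Build an in-memory database with a hypothetical 'articles' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (title TEXT PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?)", SAMPLE_ARTICLES)
    return conn


def lookup_handrolled(conn, title):
    """Insecure pattern: the title is pasted into the SQL text after
    hand-written cleanup that only considers the '"' character (assumed)."""
    cleaned = title.replace('"', "")
    sql = "SELECT body FROM articles WHERE title = '%s'" % cleaned
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_bound(conn, title):
    """Parameter binding: the SQL text is constant and the title travels
    separately as data, so no character in it can alter the statement."""
    row = conn.execute(
        "SELECT body FROM articles WHERE title = ?", (title,)
    ).fetchone()
    return row[0] if row else None


def compare(conn, title):
    """Return (hand-rolled result, bound result) for one title."""
    try:
        handrolled = lookup_handrolled(conn, title)
    except sqlite3.Error as exc:
        handrolled = "error: %s" % type(exc).__name__
    return handrolled, lookup_bound(conn, title)


if __name__ == "__main__":
    db = make_db()
    for sample_title, _ in SAMPLE_ARTICLES:
        print(repr(sample_title), compare(db, sample_title))
```

With the hand-rolled version an ordinary apostrophe breaks the statement and a quoted title is silently missed, while the bound version returns the stored body for every title.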