Koha/C4/Utils at b2b5570f083c30a8f22f6b4e93a1a1e44bc55778 - Koha-community/Koha - Koha: The world's first free and open source library system

History

Joonas Kylmälä b2b5570f08 Bug 27715: Use $dbh->quote_identifier to quote untrusted input The sanitization using regex and \w class of characters might be enough but given the vast number of unicode characters in \w and possibility of in the future the database engines interpreting some of those characters with special meaning it is better to wrap the column identifier to quotes using $dbh->quote_identifier so it is only interpreted as identifier and nothing else. Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	2021-02-24 00:12:59 +01:00
..
DataTables	Bug 27673: Replace YAML with YAML::XS	2021-02-16 14:54:50 +01:00
DataTables.pm	Bug 27715: Use $dbh->quote_identifier to quote untrusted input	2021-02-24 00:12:59 +01:00

Joonas Kylmälä b2b5570f08 Bug 27715: Use $dbh->quote_identifier to quote untrusted input

The sanitization using regex and \w class of characters might be
enough but given the vast number of unicode characters in \w and
possibility of in the future the database engines interpreting some of
those characters with special meaning it is better to wrap the column
identifier to quotes using $dbh->quote_identifier so it is only
interpreted as identifier and nothing else.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

2021-02-24 00:12:59 +01:00

DataTables

Bug 27673: Replace YAML with YAML::XS

2021-02-16 14:54:50 +01:00

DataTables.pm

Bug 27715: Use $dbh->quote_identifier to quote untrusted input

2021-02-24 00:12:59 +01:00