[AppDB] Make screen shots safe from SQL injection
Tony Lambregts
tony.lambregts at gmail.com
Mon Jun 26 21:11:17 CDT 2006
This is a subset of Chris Morgan's select_update_delete_injection.patch which
only deals with screen shots. I had to modify admin/adminScreenshots.php to get
rid of the quotes around the question marks that made the query fail but
otherwise it is the same.
I changed line 120 of admin/adminScreenshots.php like so.
from ORDER BY id ASC LIMIT '?', '?'", $offset, $ItemsPerPage);
to ORDER BY id ASC LIMIT ?, ?", $offset, $ItemsPerPage);
Change log: Makes screen shots safe from SQL injection
Files changed:
appimage.php
viewScreenshots.php
admin/adminScreenshots.php
include/db.php
include/screenshot.php
-------------- next part --------------
A non-text attachment was scrubbed...
Name: make_screenshots_safe_from_injection.diff
Type: text/x-patch
Size: 10799 bytes
Desc: not available
Url : http://www.winehq.org/pipermail/wine-patches/attachments/20060626/51006ced/make_screenshots_safe_from_injection-0001.diff
More information about the wine-patches
mailing list