cmorgan at alum.wpi.edu
Thu Jun 8 10:25:08 CDT 2006
I'm not sure we need these input checks.

Currently we should be protected by either calling addSlashes() when we call
compile_insert_string() or by using syntax like:
$sQuery = "Select versionId from appVersion where
Whose '' around $_REQUEST should prevent the string from being interpreted as
anything but a single value passed as the value of appId.

While it might seem like a good idea to add these input checks there are a LOT
of input values to the appdb. It might be more worthwhile to audit out the
calls to 'query_appdb()' and make sure at the very least those aren't using
the input values without wrapping them with ''.

Once we know that our current SQL injection protection is solid we should
probably consider doing this input protection. It should be done across all
input variables at once though, and probably with a single function so there
isn't a lot of isset() and addslashes() calls added to the code.

On Wednesday 07 June 2006 9:31 pm, EA Durbin wrote:
> In my example I emailed to you I failed to filter $_REQUEST['catId'] before
> I passed it to isset which was wrong.
> I have submitted a patch for appbrowse.php, in which the data is correctly
> filtered before passing it to the rest of the script.
> it should first be
> $clean = array();
> $clean['catId'] = makeSafe( $_REQUEST['catId'] );
> then it should test it
> if( isset( $clean['catId'] ))
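
The audit suggested in the message above, sketched as an added example (not part of the original thread or the appdb code): a Python scan that flags request values placed in a SQL string without surrounding '' and, separately, quoted values that are not passed through addslashes(). The PHP sample lines and the names audit, VAR, SQL and GLUE are assumptions made for illustration.

```python
import re

# Constructed PHP lines for illustration; not taken from the appdb source.
SAMPLE_PHP = '''\
$sQuery = "SELECT versionId FROM appVersion WHERE appId = '".$_REQUEST['appId']."'";
$sQuery = "SELECT * FROM appCategory WHERE catId = ".$_REQUEST['catId'];
$sQuery = "SELECT * FROM appData WHERE id = '".addslashes($_REQUEST['id'])."'";
$sQuery = "SELECT * FROM appNotes WHERE noteId = {$_REQUEST['noteId']}";
$hResult = query_appdb($sQuery);
'''

# A request superglobal, optionally wrapped in addslashes(...) or {...}.
VAR = re.compile(
    r"(?P<esc>addslashes\(\s*)?\{?(?P<var>\$_(?:REQUEST|GET|POST)\[[^\]]*\])\}?"
    r"(?(esc)\s*\))", re.I)
SQL = re.compile(r"\b(select|insert|update|delete)\b", re.I)
# PHP string-concatenation glue (`".` and `."`), removed so the characters
# that end up next to the value in the final SQL text can be inspected.
GLUE = re.compile(r'"\s*\.\s*|\s*\.\s*"')


def audit(php_source):
    """Return (line number, variable, verdict) for each risky use in SQL text."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        if not SQL.search(line):
            continue
        flat = GLUE.sub("", line)
        for m in VAR.finditer(flat):
            quoted = (flat[m.start() - 1:m.start()] == "'"
                      and flat[m.end():m.end() + 1] == "'")
            escaped = m.group("esc") is not None
            if not quoted:
                verdict = "unquoted"      # the case the message asks to audit for
            elif not escaped:
                # Quotes alone do not neutralise a value that itself contains
                # a quote character; it still needs escaping.
                verdict = "quoted-raw"
            else:
                continue                  # quoted and escaped
            findings.append((lineno, m.group("var"), verdict))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PHP):
        print(finding)
```

A line-based scan like this misses queries assembled across several statements or through intermediate variables, so its output is a starting list for manual review rather than a complete audit.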