Fix PDO prepare for CVE-2023-39524 #33758

Merged
merged 1 commit into from Sep 7, 2023

@clotairer clotairer commented Aug 29, 2023

| Questions | Answers |
| --- | --- |
| Branch? | develop |
| Description? | Instead of using the legacy method pSQL() use a proper "prepare" via PDO. |
| Type? | refacto |
| Category? | BO |
| BC breaks? | no |
| Deprecations? | no |
| How to test? | As a backoffice user, go to "edit a product" V2 page, verify the search field for "associated product" works correctly |
| Fixed issue or discussion? | Fixes #33759 |
| Related PRs | NC |
| Sponsor company | @202-ecommerce |
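
The general shape of the change named in the description, a search query moved from string escaping to a PDO prepared statement, as an added example that is not the code merged in this PR. The schema, the sample rows, the `searchProducts()` function and the in-memory SQLite database are assumptions chosen so the example runs offline.

```php
<?php
declare(strict_types=1);

// Added illustration, not PrestaShop code: the schema, the sample rows and
// searchProducts() are hypothetical. Uses in-memory SQLite so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE product (id_product INTEGER PRIMARY KEY, name TEXT, active INTEGER)');

// Constructed sample data, itself inserted through a prepared statement.
$insert = $pdo->prepare('INSERT INTO product (name, active) VALUES (?, ?)');
foreach ([['Blue mug', 1], ["Men's 100% cotton shirt", 1], ['Draft mug', 0]] as $row) {
    $insert->execute($row);
}

/**
 * Search active products by name. The term and the limit are bound parameters:
 * the SQL text is fixed at prepare() time and the values are never parsed as SQL.
 */
function searchProducts(PDO $pdo, string $term, int $limit = 20): array
{
    // Binding stops SQL injection but "%" and "_" are still LIKE wildcards,
    // so escape them (with "!" as the ESCAPE character) to match them literally.
    $pattern = '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';

    $stmt = $pdo->prepare(
        "SELECT id_product, name FROM product
          WHERE active = 1 AND name LIKE :pattern ESCAPE '!'
          ORDER BY name LIMIT :limit"
    );
    $stmt->bindValue(':pattern', $pattern, PDO::PARAM_STR);
    // An unquoted numeric position is where escape-only code tends to fail;
    // here the value is typed as an integer and bound like any other.
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed search terms: plain text, a quote, a literal percent sign, a lone wildcard.
foreach (['mug', "men's", '100%', '_'] as $term) {
    $names = array_column(searchProducts($pdo, $term), 'name');
    printf("%-8s => %s\n", $term, json_encode($names));
}
```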

@clotairer clotairer requested a review from a team as a code owner August 29, 2023 15:52
@prestonBot prestonBot added the Refactoring Type: Refactoring label Aug 29, 2023

@matthieu-rolland matthieu-rolland left a comment

👍

to be tested by a developer (I'll do it)


@matks matks left a comment

Hello @clotairer and @matthieu-rolland what is the branch choice for this PR? Currently it targets develop but PR table says develop / 8.1.x

@clotairer

> Hello @clotairer and @matthieu-rolland what is the branch choice for this PR? Currently it targets develop but PR table says develop / 8.1.x

For me, it's just a refactoring. No emergency.


@matks matks left a comment

Good for me then 👍 I updated the PR body

@ps-jarvis ps-jarvis added the Waiting for QA Status: action required, waiting for test feedback label Aug 29, 2023
@prestonBot prestonBot added the develop Branch label Aug 29, 2023

@kpodemski kpodemski left a comment

I believe this should go inside the 8.1.x branch.

Edit: I see comment above now, nothing to change. Thanks @clotairer

@ps-jarvis ps-jarvis added the Waiting for author Status: action required, waiting for author feedback label Aug 29, 2023
@kpodemski kpodemski dismissed their stale review August 29, 2023 20:35

not relevant anymore

@kpodemski kpodemski added Waiting for dev Status: action required, waiting for tech feedback and removed Waiting for author Status: action required, waiting for author feedback labels Aug 29, 2023
@nicosomb

nicosomb commented Sep 7, 2023

UI tests https://github.com/nicosomb/ga.tests.ui.pr/actions/runs/6108071781

if all is ✅ , we can merge.

@matthieu-rolland matthieu-rolland merged commit 46561fe into PrestaShop:develop Sep 7, 2023
18 checks passed
@matthieu-rolland

thank you @clotairer !

@matthieu-rolland matthieu-rolland removed Waiting for QA Status: action required, waiting for test feedback Waiting for dev Status: action required, waiting for tech feedback labels Sep 7, 2023
@clotairer clotairer deleted the patch-1 branch September 7, 2023 10:51
@nicosomb nicosomb added this to the 9.0.0 milestone Sep 7, 2023
@jolelievre jolelievre changed the title fix PDO prepare for CVE-2023-39524 Fix PDO prepare for CVE-2023-39524 Apr 11, 2024
Labels
develop Branch Refactoring Type: Refactoring
Development

Successfully merging this pull request may close these issues.

Refactor BO product page v2 by replacing product page v2 with a prepared SQL request
8 participants