Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MySQL 5.7 SQL Incection FIX #4547

Closed
wants to merge 1 commit into from

Conversation

@rav88
Copy link
Contributor

commented Dec 6, 2015

Fixes Error with MySQL 5.7, where is not possible to inject SELECT with alias into the UPDATE statement that way.
(Error Code: 1093. You can't specify target table 'ps_order_invoice' for update in FROM clause 0.015 sec)

MySQL 5.7 SQL Incection FIX
Fixes Error with MySQL 5.7, where is not possible to inject SELECT with alias into the UPDATE statement that way.
(Error Code: 1093. You can't specify target table 'ps_order_invoice' for update in FROM clause	0.015 sec)

@julienbourdeau julienbourdeau self-assigned this Dec 7, 2015

@xBorderie

This comment has been minimized.

Copy link
Contributor

commented Dec 9, 2015

Hey @rav88 , thank you for your contribution!
Could amend your commit message in order to follow those guidelines: http://doc.prestashop.com/display/PS16/How+to+write+a+commit+message?
You can use git commit --amend to change the commit, then update your PR. See here: http://schacon.github.io/history.html
Thank you!

@julienbourdeau

This comment has been minimized.

Copy link
Contributor

commented Dec 11, 2015

Hi,

Please update your commit message and make sure you use 4 spaces for intend (not tabs).
Then I can merge your PR and I'll port it to 1.6.1.x. We need this fix 😃

Thank you for your contribution.I f you feel like it, there must be a few other SQL query to update. ;)

@julienbourdeau

This comment has been minimized.

Copy link
Contributor

commented Dec 11, 2015

Also, you can use getValue() to save a line like here

@maximebiloe

This comment has been minimized.

Copy link
Contributor

commented Feb 1, 2016

Hello,

Thanks for your contribution. I've cherry-picked your commit here 0f4a359

Regards

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.