Fixed most SQL Injections #20
Merged
Still needs more fixes (like shell injections)
Made the Db object handle escaping so you can use other types of databases / escaping.
Fixed ($db!==false) stuff; that's impossible, you will always get an object with $var=new Object(); unless it's out of RAM, but that kills PHP. Replaced it with isConnected() method. Also fixed edit bhyve form memory value, it was annoying me.
Still need a full read but since I'm about to split up some code I'll review it later in parts. * Should first fix the shell injections I guess..
olevole
approved these changes
Apr 25, 2019
moveee
approved these changes
Apr 25, 2019
@Stefar77 looks good! Please merge it!
No more string concats in queries to make it a bit more readable.
Some more style fixes, also marked some XSS and possible shell injections.
moveee
approved these changes
Apr 25, 2019
Stefar77
commented
Apr 26, 2019
Next step is to fix the shell injections (without breaking anything) and split up some stuff into own classes to make it more manageable.
SQL commands look nicer in uppercase, and it also makes it a bit more readable or a bit faster to find the different parts of the query.
Sorry, unit test will come soon...
moveee
approved these changes
Apr 28, 2019
Thanks!
Did a few fixes yesterday.
Still needs more fixes (like filtering for shell injections) and some more tweaks, working on that tonight.
I may split up the clonos object into separate objects (i.e. jail, bhyve, node) next update.
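
The changes discussed in this thread (a Db object that owns escaping, `isConnected()` in place of `$db!==false`, no string concatenation in queries) can be illustrated with the following added example, which is not the project's code. The class shape, the use of PDO with in-memory SQLite, and the `jails` table are assumptions made for the illustration.

```php
<?php
// Hypothetical wrapper, not the project's Db class; table and names are constructed.
final class Db
{
    private ?PDO $pdo = null;

    public function __construct(string $dsn)
    {
        try {
            $this->pdo = new PDO($dsn, null, null, [
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_EMULATE_PREPARES => false,
            ]);
        } catch (PDOException $e) {
            $this->pdo = null; // `new` still hands the caller an object
        }
    }

    // Replaces `$db !== false`, which is true for every constructed object.
    public function isConnected(): bool
    {
        return $this->pdo !== null;
    }

    // SQL text carries only ? placeholders; values are bound by the driver.
    public function query(string $sql, array $params = []): array
    {
        if (!$this->isConnected()) {
            throw new RuntimeException('database not connected');
        }
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        return $stmt->columnCount() > 0 ? $stmt->fetchAll(PDO::FETCH_ASSOC) : [];
    }
}

// A DSN that cannot be opened: the object exists, the connection does not.
$bad = new Db('sqlite:/nonexistent-dir/x.db');
var_dump($bad !== false, $bad->isConnected());

$db = new Db('sqlite::memory:');
$db->query('CREATE TABLE jails (name TEXT, owner TEXT)');
$db->query('INSERT INTO jails VALUES (?, ?), (?, ?)', ['web1', 'alice', 'db1', 'bob']);

$input = "nobody' OR '1'='1"; // constructed hostile value
// Concatenation (the pattern the PR removes): the quote in $input rewrites the WHERE clause.
$concat = $db->query("SELECT name FROM jails WHERE owner = '" . $input . "'");
// Bound parameter: the same bytes are compared as a literal owner name.
$bound = $db->query('SELECT name FROM jails WHERE owner = ?', [$input]);
printf("concatenated: %d rows, bound: %d rows\n", count($concat), count($bound));
```

Because binding lives inside the wrapper, callers never build SQL from request data, and swapping the backing database changes only the DSN.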