Fix sql injection in user exists request

Signed-off-by: William Desportes <williamdes@wdes.fr>
williamdes committed Jan 1, 2020
1 parent 9f82b71 commit c86acbf3ed49f69cf38b31879886dd5eb86b6983
Showing with 1 addition and 1 deletion.
  1. +1 −1 libraries/classes/Server/Privileges.php
@@ -3067,7 +3067,7 @@ public static function getExtraDataForAjaxBehavior(

if (isset($_GET['validate_username'])) {
$sql_query = "SELECT * FROM `mysql`.`user` WHERE `User` = '"
. $_GET['username'] . "';";
. $GLOBALS['dbi']->escapeString($_GET['username']) . "';";
$res = $GLOBALS['dbi']->query($sql_query);
$row = $GLOBALS['dbi']->fetchRow($res);
if (empty($row)) {
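Review bot: the replacement line `. $GLOBALS['dbi']->escapeString($_GET['username']) . "';"` still builds the statement by string concatenation, so the fix is only as strong as `escapeString`, whose behaviour is not visible in this hunk: it is safe here only because the value stays inside a single-quoted literal and only if the escaping honours the active connection charset (a `mysqli_real_escape_string`-style call rather than a generic `addslashes`). Binding `$_GET['username']` as a parameter of a prepared statement would remove that dependency entirely and is the form to prefer where the DBI layer supports it. Minor point on the same lines: the result is only checked with `if (empty($row))`, so `SELECT 1 FROM `mysql`.`user` WHERE `User` = ?` is sufficient and avoids fetching every column of the row; the trailing `;` inside the query string is also unnecessary for a single statement.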

2 comments on commit c86acbf

IanRobertson-wpe replied Jan 8, 2020

Is there any reason this isn't using a parameterized query?

williamdes (Member, Author) replied Jan 8, 2020

@IanRobertson-wpe Yes, prepared statements were implemented in #15492
