need some help to analyze PMASA-2019-5 #15651
Comments
@djerrystyle if you are using a version before 4.7.7 you can close the issue.
Hi, @djerrystyle. Thanks for the question.
I think perhaps the wording of the PMASA was a bit unclear here as well; as I recall the initial problem that William discovered was thought to be an SQL injection, but in fixing that it was discovered that the output was interpreted rather than displayed (which was more of an XSS attack) and it seems that perhaps I never updated the PMASA with those details.
Thank you!
The commit "ff541af#diff-318d13940f6a71a40c408f13d1c24512" fixes "SQL injection".
It adds HTML escaping in move.js and database_tables.twig, but it looks like it just adds a filter at output.
In my view, a fix for SQL injection should add a filter at the input point, but I cannot find where the injection point is.
The commit can certainly prevent XSS, but how does it prevent SQL injection? Can you give me some tips?
I am not sure my question is right; if anything is wrong, I will delete this question...
Thank you!
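
The distinction this thread turns on (a value interpreted by the SQL parser versus a value interpreted by the browser) can be shown with a small added example; it is not part of the original thread and is not phpMyAdmin code. The table, the function names and both sample strings are constructed for illustration, and SQLite stands in for the database.

```python
import html
import sqlite3

# Constructed sample values: one carries SQL metacharacters, one carries HTML.
SQL_PROBE = "nope' OR '1'='1"
HTML_NAME = "<img src=x onerror=alert(1)>"


def make_db():
    """In-memory table standing in for a metadata store (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (name TEXT)")
    # Bound parameters: HTML_NAME is stored byte-for-byte, with no SQL effect.
    db.executemany("INSERT INTO items VALUES (?)",
                   [("alpha",), ("beta",), (HTML_NAME,)])
    return db


def lookup_concatenated(db, name):
    """SQL sink, weak form: the value becomes part of the statement text."""
    return db.execute(
        "SELECT name FROM items WHERE name = '" + name + "'").fetchall()


def lookup_parameterized(db, name):
    """SQL sink, corrected form: the value is bound and never parsed as SQL."""
    return db.execute("SELECT name FROM items WHERE name = ?", (name,)).fetchall()


def render_raw(name):
    """HTML sink, weak form: the browser would interpret markup in the value."""
    return "<td>" + name + "</td>"


def render_escaped(name):
    """HTML sink, corrected form: markup in the value is displayed as text."""
    return "<td>" + html.escape(name) + "</td>"


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, SQL_PROBE))   # every row
    print("parameterized:", lookup_parameterized(db, SQL_PROBE))  # no rows
    stored = lookup_parameterized(db, HTML_NAME)[0][0]
    print("raw cell     :", render_raw(stored))
    print("escaped cell :", render_escaped(stored))
```

The parameterized query stores and returns the HTML string unchanged, so it is the output escaping that decides whether the value is interpreted or displayed; escaping at output, in turn, has no effect on how a query is built.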