[Security] Fix sql injection in translation api #14952

Merged
merged 1 commit into from Apr 20, 2023


Corepex
Contributor

@Corepex Corepex commented Apr 18, 2023

Additional info

WHAT

🤖 Generated by Copilot at bb4563c

Fix security issues in translation module by escaping field names in SQL queries. Update TranslationController.php to use quoteIdentifier method.

🤖 Generated by Copilot at bb4563c

quoteIdentifier
A shield against injection
Autumn leaves no trace

HOW

🤖 Generated by Copilot at bb4563c

  • Escape field names in SQL conditions to prevent injection and support special characters (link)

@Corepex Corepex added this to the 10.5.21 milestone Apr 18, 2023
@github-actions

github-actions bot commented Apr 18, 2023

Review Checklist

  • Target branch (10.5 for bug fixes, others 11.x)
  • Bug fix: check if files are affected that were moved to a bundle - create a PR there if applicable
  • Tests (if it's testable code, there should be a test for it - get help)
  • Docs (every functionality needs to be documented, see here)
  • Migration incl. install.sql (e.g. if the database schema changes, ...)
  • Upgrade notes (deprecations, important information, migration hints, ...)
  • Label
  • Milestone

@martineiber martineiber self-assigned this Apr 20, 2023
@martineiber martineiber merged commit 7e32cc2 into 10.5 Apr 20, 2023
13 checks passed
@martineiber martineiber deleted the fix_sql_injection_in_translation_api branch April 20, 2023 09:52
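
The kind of change the PR description names (quoting field names before they are placed in a SQL condition), as an added example that is not code from this PR or the project. The `translations` table, its columns and rows, and the `quoteIdentifier()` and `countMatches()` helpers are assumptions constructed for the illustration; real code would call the database connection's own `quoteIdentifier` method.

```php
<?php
declare(strict_types=1);

// Stand-in for a DBAL-style quoteIdentifier() (hypothetical helper, MySQL-style
// backticks, which SQLite also accepts): wrap the name and double any embedded
// backtick so the name cannot terminate the identifier early.
function quoteIdentifier(string $name): string
{
    return '`' . str_replace('`', '``', $name) . '`';
}

// Returns the match count, or null when the database rejects the statement.
function countMatches(PDO $db, string $fieldSql, string $value): ?int
{
    try {
        // The value is always bound; only the field name is spliced into the SQL.
        $stmt = $db->prepare("SELECT COUNT(*) FROM translations WHERE $fieldSql LIKE :v");
        $stmt->execute([':v' => $value]);
        return (int) $stmt->fetchColumn();
    } catch (PDOException $e) {
        return null;
    }
}

// Constructed schema and rows, in-memory only.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE translations (tkey TEXT, `en-GB` TEXT)');
$db->exec("INSERT INTO translations VALUES ('greeting', 'hello'), ('farewell', 'bye')");

// Constructed field names as they might arrive in a filter parameter.
$fields = [
    'tkey',            // ordinary column
    'en-GB',           // legitimate column containing a special character
    '1=1 OR tkey',     // not a column at all: carries SQL of its own
];

foreach ($fields as $field) {
    $raw    = countMatches($db, $field, 'no-such-text');                  // concatenated as-is
    $quoted = countMatches($db, quoteIdentifier($field), 'no-such-text'); // quoted first
    printf("%-14s raw=%-8s quoted=%s\n", $field,
        var_export($raw, true), var_export($quoted, true));
}
```

Binding the value does not protect the field name, because placeholders cannot stand in for identifiers. Once quoted, the third field name can only be read as a single column name, and the `en-GB` column becomes usable at all.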