
[Security] Fix Admin Search Find API SQL Injection #14972

Merged
merged 1 commit into 10.5 from fix-admin-search-find-api-sql-injection on Apr 25, 2023

Conversation

mattamon (Contributor)

@mattamon mattamon commented Apr 19, 2023

Additional info

WHAT

🤖 Generated by Copilot at 812e8d7

Enhanced search query functionality and security in SearchController.php. Added exception handling for syntax errors and input sanitization to prevent SQL injection.


$fields sanitized
No SQL injection in spring
SyntaxErrorException

HOW


  • Import SyntaxErrorException class to handle SQL syntax errors in search query
  • Sanitize $fields variable to remove SQL comments that could affect query execution
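
The two changes listed above (strip SQL comments from `$fields`, catch `SyntaxErrorException`) as an added PHP example that is not the PR's own code: it strips comment sequences and then validates every remaining name against a column allowlist, rejecting the request before any query runs, so no database syntax error is reached. The function names, the allowlist and the sample inputs are assumptions for illustration, not Pimcore's SearchController.php.

```php
<?php
declare(strict_types=1);

// Added example, not Pimcore's code: hardening a request-supplied field list
// before it is interpolated into a SELECT. The PR strips SQL comments from
// $fields; an allowlist of real column identifiers is the stronger complement.

/** Remove block and line comment sequences from a field list. */
function stripSqlComments(string $fields): string
{
    $fields = preg_replace('~/\*.*?\*/~s', ' ', $fields);    // /* ... */
    return preg_replace('~(--|#)[^\r\n]*~', ' ', $fields);   // -- ... and # ...
}

/** Keep only bare identifiers present in $allowed; reject anything else loudly
 *  rather than silently dropping it, so a malformed request is logged as such. */
function sanitizeFieldList(string $fields, array $allowed): string
{
    $out = [];
    foreach (explode(',', stripSqlComments($fields)) as $raw) {
        $name = trim($raw);
        if ($name === '') {
            continue;
        }
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name) || !in_array($name, $allowed, true)) {
            throw new InvalidArgumentException('Invalid field: ' . $name);
        }
        $out[] = '`' . $name . '`';
    }
    if ($out === []) {
        throw new InvalidArgumentException('No fields requested');
    }
    return implode(', ', $out);
}

// Constructed column allowlist; a real controller takes it from its schema.
$allowed = ['id', 'fullpath', 'type', 'subtype'];

// Constructed inputs: a clean request, one with stray comments, and one with
// an expression that is not a plain column name.
foreach (['id, fullpath', 'id /* note */, type -- trailing', 'id, count(*)'] as $input) {
    try {
        printf("%-40s -> %s\n", $input, sanitizeFieldList($input, $allowed));
    } catch (InvalidArgumentException $e) {
        printf("%-40s -> rejected: %s\n", $input, $e->getMessage());
    }
}
```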

@mattamon mattamon added this to the 10.5.21 milestone Apr 19, 2023
@github-actions

Review Checklist

  • Target branch (10.5 for bug fixes, others 11.x)
  • Bug fix: check if files are affected that were moved to a bundle - create a PR there if applicable
  • Tests (if it's testable code, there should be a test for it - get help)
  • Docs (every functionality needs to be documented, see here)
  • Migration incl. install.sql (e.g. if the database schema changes, ...)
  • Upgrade notes (deprecations, important information, migration hints, ...)
  • Label
  • Milestone

@mattamon mattamon changed the title Remove sql comments and add different exception on syntax error [Security] Fix Admin Search Find API SQL Injection Apr 19, 2023
@martineiber martineiber merged commit 25ad867 into 10.5 Apr 25, 2023
13 checks passed
@martineiber martineiber deleted the fix-admin-search-find-api-sql-injection branch April 25, 2023 11:04