Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Fixed SQL injection issue in _Load_Users
That was probably the only place in the software that had SQL injection since we took the sort value and put it directly into the query. The sort value is now verified as a valid column. This wasn't really an issue however since the JSON entrypoint was only accessible via an admin account anyway.
- Loading branch information
Showing
1 changed file
with
31 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters