Closed Bug 491758 Opened 16 years ago Closed 16 years ago

SQL injection possible when editing collections

Tracking

(Not tracked)

Status:

RESOLVED INVALID

Milestone:

5.0.6

People

(Reporter: clouserw, Assigned: lorchard)

Details

Wil Clouser [:clouserw]

Reporter

Description

•

16 years ago

If you click "edit" on a collection and put a single quote into either the name or description the query fails with a parse error.

Fred Wenzel [:wenzel]

Comment 1

•

16 years ago

Did you confirm this on the code base from bug 456132? If it's not present there, this bug is invalid.

Wil Clouser [:clouserw]

Reporter

Comment 2

•

16 years ago

I used current trunk. Maybe I'm getting ahead of myself.

Fred Wenzel [:wenzel]

Comment 3

•

16 years ago

Yes, sorry ;) But you can volunteer to review bug 456132? I am sure Ryan wouldn't mind you doing that single-handedly, so to speak.

Status: NEW → RESOLVED

Closed: 16 years ago

Resolution: --- → INVALID

Fred Wenzel [:wenzel]

Comment 4

•

16 years ago

PS: I hope that pun wasn't "too soon" ;)

Nobody; OK to take it and work on it

Updated

•

9 years ago

Product: addons.mozilla.org → addons.mozilla.org Graveyard

You need to log in before you can comment on or make changes to this bug.

Bugzilla

SQL injection possible when editing collections

Categories

(addons.mozilla.org Graveyard :: Collections, defect)

Tracking

(Not tracked)

People

(Reporter: clouserw, Assigned: lorchard)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2

Comment 3

Comment 4

Updated