
Bug #388

Possible security issues

Added by Carlos Vargas almost 10 years ago. Updated over 9 years ago.

Status: Bug resolved
Priority: Normal
Assignee:
Category: -
Target version:
Start date: 07/12/2009
Due date:
% Done: 90%
Estimated time:
Complexity: Normal
SCRUM pts - complexity: ?

Description

Checking some security issues

History

#1

Updated by Carlos Vargas almost 10 years ago

  • % Done changed from 0 to 30

Updated by Julio Montoya 5 months ago

Comment

Database::escape_string added main/admin/statistics/statistics.lib.php SVN#21896
Adding is_numeric function to get a real id value, adding security remove_XSS functions and Database::escape_string SVN#21901
Cleaning more code SVN#21902
Adding security remove_XSS functions and Database::escape_string SVN#21903 (announcements)
#2
Updated by Julio Montoya 4 months ago

Comment

Found more SQL queries without escape_string or intval function, see SVN#22357
More also found in the search tool SVN#22359
#3
Updated by Julio Montoya 4 months ago

Comment

In main_api.lib also some issues SVN#22362
#4
Updated by Yannick Warnier 3 months ago

  • Target version changed from 1.8.6 to 1.8.6.2
  • Complexity set to Average

#5
Updated by Yannick Warnier 3 months ago

  • Severity changed from Low to High

#6
Updated by Julio Montoya about 1 month ago

Comment

Some security fixes see
https://sources.dokeos.com/public/dokeos/rev/08263b08e2fc

Adding some intval and escape_string functions see
https://sources.dokeos.com/public/dokeos/rev/265b719f4155
#7
Updated by Julio Montoya about 1 month ago

Comment

Adding intval function to queries, see
https://sources.dokeos.com/public/dokeos/rev/9de027c37503
https://sources.dokeos.com/public/dokeos/rev/b2083c3e9c65
#8
Updated by Julio Montoya about 1 month ago

Comment

Adding intval function to queries, see:
https://sources.dokeos.com/public/dokeos/rev/80a6a5105f7d

#2

Updated by Yannick Warnier almost 10 years ago

  • Target version changed from 1.8.6.2 alpha to 1.8.6.2 RC1
#3

Updated by Julio Montoya almost 10 years ago

  • Status changed from New to Assigned
  • Target version changed from 1.8.6.2 RC1 to 1.8.7
  • % Done changed from 30 to 50

If I find some security issues, I'm reporting them here.

#5

Updated by Julio Montoya over 9 years ago

  • Status changed from Assigned to Bug resolved
  • % Done changed from 50 to 90

New security issues will be added here...
