Ticket #383 (closed defect: fixed)
Sanitize LoadRecentComments() and LoadRecentlyCommented()
| Reported by: | DotMG | Owned by: | DotMG |
|---|---|---|---|
| Priority: | highest | Milestone: | 1.1.6.3 |
| Component: | core | Version: | 1.1.6.2 |
| Severity: | major | Keywords: | security, comments |
| Cc: | | | |
Description (last modified by DarTar)
The (currently unused) $limit parameter in LoadRecentComments() and LoadRecentlyCommented() is not sanitized.
Note:
For unmodified installations, there is NO SECURITY RISK as all original releases of WikkaWiki (including versions prior to 1.1.6.2) do not make use of this parameter.
Where does this apply:
If the owner of a WikkaWiki-powered website modifies the installation and adds new functionality that makes use of this parameter, then the value passed to this parameter is not sanitized and could introduce a potential vulnerability (SQL injection).
Solution:
To sanitize it, use
$limit = intval($limit);
Fixed in [241]
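The following is an added example, not WikkaWiki's own code, illustrating the problem the ticket describes and the effect of the intval() fix. The query text, the comments table and its columns, the users table in the payload, and the three builder functions are all constructed for illustration; the ticket says nothing about how the real methods build their SQL. The clamped variant goes beyond the ticket's fix and is marked as such.

```php
<?php
// Added example, not WikkaWiki's code: shows why an unsanitized $limit in a
// LIMIT clause is injectable and what intval() does about it. The query,
// the tables/columns and the attacker payload are constructed for illustration.

// Vulnerable pattern: the caller's $limit is concatenated into the SQL as-is.
function recentCommentsSqlVulnerable($limit)
{
    return "SELECT page_tag, comment, author, time FROM comments "
         . "ORDER BY time DESC LIMIT " . $limit;
}

// The ticket's fix: intval() keeps only a leading integer and discards the
// rest, so the value can no longer contribute SQL syntax.
function recentCommentsSqlFixed($limit)
{
    $limit = intval($limit);
    return "SELECT page_tag, comment, author, time FROM comments "
         . "ORDER BY time DESC LIMIT " . $limit;
}

// Stricter variant (an addition beyond the ticket): intval() still lets
// through 0 (zero rows) and negatives (an invalid MySQL LIMIT), so clamp the
// value to a sane range instead of trusting the integer blindly.
function recentCommentsSqlClamped($limit, $default = 50, $max = 500)
{
    $n = intval($limit);
    if ($n < 1) {
        $n = $default;
    } elseif ($n > $max) {
        $n = $max;
    }
    return "SELECT page_tag, comment, author, time FROM comments "
         . "ORDER BY time DESC LIMIT " . $n;
}

// Constructed attacker input: a number followed by extra SQL. With the
// vulnerable builder the whole string lands inside the statement.
$payload = "1 UNION SELECT name, password, email, 0 FROM users";
$prefix  = "SELECT page_tag, comment, author, time FROM comments "
         . "ORDER BY time DESC LIMIT ";

// Vulnerable: attacker-controlled text is now part of the statement.
assert(recentCommentsSqlVulnerable($payload) === $prefix . $payload);

// Fixed: only the leading integer survives.
assert(recentCommentsSqlFixed($payload) === $prefix . "1");

// Non-numeric input collapses to 0, giving "LIMIT 0" (valid SQL, zero rows).
assert(recentCommentsSqlFixed("abc") === $prefix . "0");

// Negative input survives intval(), giving "LIMIT -5", which MySQL rejects.
assert(recentCommentsSqlFixed("-5") === $prefix . "-5");

// The clamped variant maps bad values back to the default or the ceiling.
assert(recentCommentsSqlClamped("abc") === $prefix . "50");
assert(recentCommentsSqlClamped("-5") === $prefix . "50");
assert(recentCommentsSqlClamped("99999") === $prefix . "500");

echo "all checks passed\n";
```

Whether a particular injected tail parses depends on the DBMS and on the rest of the query (MySQL, for instance, requires parentheses to combine ORDER BY/LIMIT with UNION); the point of the example is that, before the fix, the caller controls SQL syntax rather than just a number. intval() closes that hole because the value that reaches the query is guaranteed to be an integer, which is also why the ticket's one-line fix is sufficient for the injection concern even though it does not validate the range.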