J3 Issue ?
avatar sandewt
sandewt
8 Sep 2018

Steps to reproduce the issue

With the MySQL database, numeric fields should not be quoted, so it is important that they be typecast instead. (cf: 'Secure_coding_guidelines')

File in case: ...\plugins\system\privacyconsent\privacyconsent.php

Line: 579

->where($db->quoteName('id') . ' = ' . $db->quote($user->id));

Should be typecast

->where($db->quoteName('id') . ' = ' . (int) $user->id);

Line: 649 (casting is missing)

->where($db->quoteName('id') . ' = ' . $user->id);

Should be typecast

->where($db->quoteName('id') . ' = ' . (int) $user->id);

System information (as much as possible)

J.3.9

Additional comments

See https://docs.joomla.org/Secure_coding_guidelines

avatar sandewt sandewt - open - 8 Sep 2018
avatar joomla-cms-bot joomla-cms-bot - labeled - 8 Sep 2018
avatar brianteeman brianteeman - labeled - 8 Sep 2018
avatar brianteeman brianteeman - change - 8 Sep 2018
Labels Added: J3 Issue
avatar alikon
alikon - comment - 9 Sep 2018

should be fixed in #22088 please test

avatar franz-wohlkoenig
franz-wohlkoenig - comment - 9 Sep 2018

closed as having Pull Request #22088

avatar franz-wohlkoenig franz-wohlkoenig - change - 9 Sep 2018
Status New Closed
Closed_Date 0000-00-00 00:00:00 2018-09-09 09:30:41
Closed_By franz-wohlkoenig
avatar joomla-cms-bot joomla-cms-bot - change - 9 Sep 2018
Closed_Date 2018-09-09 09:30:41 2018-09-09 09:30:42
Closed_By franz-wohlkoenig joomla-cms-bot
avatar joomla-cms-bot joomla-cms-bot - close - 9 Sep 2018
avatar joomla-cms-bot
joomla-cms-bot - comment - 9 Sep 2018

Add a Comment

Login with GitHub to post a comment