sandewt
22 Jul 2020

Steps to reproduce the issue

File: \plugins\privacy\actionlogs\actionlogs.php:

See line 45:
->where($this->db->quoteName('a.user_id') . ' = ' . $user->id);

Expected result

->where($this->db->quoteName('a.user_id') . ' = ' . (int) $user->id);

Actual result

Missing typecasting SQL query.

System information (as much as possible)

Joomla! 3.9.21-dev Development [ Amani ] 14-July-2020 15:50 GMT

Additional comments

See https://docs.joomla.org/Secure_coding_guidelines

@zero-24

sandewt - open - 22 Jul 2020
joomla-cms-bot - labeled - 22 Jul 2020
sandewt - change - 22 Jul 2020
Title: "Missing typecasting SQL query plugin privacy actionlogs" → "[3.9] Missing typecasting SQL query plugin privacy actionlogs"
sandewt - edited - 22 Jul 2020

zero-24 - comment - 22 Jul 2020

Can you send a PR with the proposed change?

sandewt - comment - 23 Jul 2020

Can you send a PR with the proposed change?

@zero-24

Done.

alikon - comment - 23 Jul 2020

Please test #30173

alikon - change - 23 Jul 2020
Status: New → Closed
Closed_Date: 0000-00-00 00:00:00 → 2020-07-23 12:05:43
Closed_By: alikon
alikon - close - 23 Jul 2020
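
Added example, not part of the original issue or of Joomla's code: what the `(int)` cast proposed above changes when the concatenated value is not an integer. The `quoteName()` stand-in, the `action_logs` table, its rows and the sample ids are all constructed for illustration, and the script assumes PHP's PDO SQLite driver is available; it makes no claim about how `$user->id` is populated in the plugin.

```php
<?php
// Simplified stand-in for the database driver's quoteName(); an assumption,
// not Joomla's implementation.
function quoteName(string $name): string
{
    $parts = array_map(
        fn ($p) => '`' . str_replace('`', '``', $p) . '`',
        explode('.', $name)
    );
    return implode('.', $parts);
}

// Condition as reported on line 45: the value is concatenated as-is.
function whereUncast($id): string
{
    return quoteName('a.user_id') . ' = ' . $id;
}

// Condition from "Expected result": the value is forced to an integer first.
function whereCast($id): string
{
    return quoteName('a.user_id') . ' = ' . (int) $id;
}

function countRows(PDO $pdo, string $where): int
{
    $sql = 'SELECT COUNT(*) FROM action_logs AS a WHERE ' . $where;
    return (int) $pdo->query($sql)->fetchColumn();
}

// Constructed in-memory data: two rows for user 42, two for other users.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE action_logs (id INTEGER PRIMARY KEY, user_id INTEGER, message TEXT)');
$pdo->exec("INSERT INTO action_logs (user_id, message) VALUES
    (42, 'login'), (42, 'edit'), (7, 'login'), (9, 'delete')");

// Constructed inputs: an integer, a numeric string, and a string that
// carries extra SQL after the number.
foreach ([42, '42', '42 OR 1=1'] as $id) {
    $uncast = whereUncast($id);
    $cast   = whereCast($id);
    printf(
        "%-12s uncast: %-26s rows=%d | cast: %-18s rows=%d\n",
        var_export($id, true), $uncast, countRows($pdo, $uncast),
        $cast, countRows($pdo, $cast)
    );
}
```

For the third input the uncast condition becomes part of the SQL and matches every row in the table, while the cast condition reduces the value to `42` and still matches only that user's rows.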
