[#39108] - [4] missed prepared statement
- Fixed in Code Base
- 28 Nov 2022
- Medium
- Build: 4.2-dev
- # 39108
- Diff
- alikon:patch-14
User tests: Successful: Unsuccessful:
Pull Request for Issue # .
Summary of Changes
use prepared statement
Testing Instructions
code review
install/unistall modules
Actual result BEFORE applying this Pull Request
works
Expected result AFTER applying this Pull Request
works as before
Link to documentations
Please select:
-
Documentation link for docs.joomla.org:
-
No documentation changes for docs.joomla.org needed
-
Pull Request link for manual.joomla.org:
-
No documentation changes for manual.joomla.org needed
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Libraries |
There are more (similar) missing prepared statements, eg:
\administrator\components\com_finder\src\Indexer\Adapter.php
$groups = implode(',', $user->getAuthorisedViewLevels()); // line 772:
...
->where($this->db->quoteName('link') . ' = ' . $this->db->quote($url))
...
->where($this->db->quoteName('access') . ' IN (' . $groups . ')');
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/39108.
There are more (similar) missing prepared statements, eg:
Possibly. But that could be done with another PR since that's in another file.
Spam removed
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/39108.
| Status | Pending | ⇒ | Ready to Commit |
| Labels |
Added:
?
Maintainers Checked
|
||
RTC
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/39108.
| Labels |
Added:
?
|
||
| Status | Ready to Commit | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2022-11-28 08:35:45 |
| Closed_By | ⇒ | laoneo |
Thanks you!
I have tested this item✅ successfully on 69c8ede
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/39108.