Opened 7 years ago
Last modified 7 years ago
#1622 closed Bug/Fehler
Potentielle Sicherheitslücken in /includes/classes/shopping_cart.php — at Initial Version
| Reported by: | Owned by: | somebody | |
|---|---|---|---|
| Priority: | hoch | Milestone: | modified-shop-2.0.5.0 |
| Component: | Sicherheit | Version: | 2.0.4.2 |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: |
Description
Einige Variablen werden ungeprüft in Datenbankabfragen genutzt.
Suchen nach:
WHERE products_id = '".$products_id."'
Ersetzen mit:
WHERE products_id = '".xtc_get_prid($products_id)."'
Suchen nach (mehrfach):
'customers_id' => $_SESSION['customer_id']
Ersetzen mit:
'customers_id' => (int)$_SESSION['customer_id']
Suchen nach (mehrfach):
=> $qty
Ersetzen mit:
=> (int)$qty
Suchen nach:
xtc_db_input($qty)
Ersetzen mit:
(int)$qty
Note:
See TracTickets
for help on using tickets.
