Opened 7 years ago
Last modified 7 years ago
#1622 closed Bug/Fehler
Potentielle Sicherheitslücken in /includes/classes/shopping_cart.php — at Version 3
| Reported by: | Owned by: | somebody | |
|---|---|---|---|
| Priority: | hoch | Milestone: | modified-shop-2.0.5.0 |
| Component: | Sicherheit | Version: | 2.0.4.2 |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: |
Description (last modified by )
Einige Variablen werden ungeprüft in Datenbankabfragen genutzt.
Suchen nach:
WHERE products_id = '".$products_id."'
Ersetzen mit:
WHERE products_id = '".xtc_get_prid($products_id)."'
Suchen nach (mehrfach):
'customers_id' => $_SESSION['customer_id']
Ersetzen mit:
'customers_id' => (int)$_SESSION['customer_id']
Suchen nach (mehrfach):
=> $qty
Ersetzen mit:
=> (int)$qty
Suchen nach:
xtc_db_input($qty)
Ersetzen mit:
(int)$qty
Change History (3)
comment:1 by , 7 years ago
| Description: | modified (diff) |
|---|---|
| Milestone: | → modified-shop-2.0.5.0 |
comment:2 by , 7 years ago
comment:3 by , 7 years ago
| Description: | modified (diff) |
|---|
Note:
See TracTickets
for help on using tickets.
Sicher, daß die angegebene Datei stimmt ?
Ich finde nichts davon in /includes/classes/shopping_cart.php.
Gruß,
noRiddle