Gentoo's Bugzilla – Attachment 129537 Details for Bug 187971: Gentoo Website Command Injection Issue
[patch] fix for sql injection in query_ebuild.py
query_ebuild.py.diff (text/plain), 711 bytes, created by Christian Hoffmann (RETIRED) on 2007-08-29 14:54:57 UTC
>--- gentoo/src/packages/query_ebuild.py 2007-08-29 16:35:33.000000000 +0200 >+++ packages-fixes/query_ebuild.py 2007-08-29 16:33:34.000000000 +0200 >@@ -5,6 +5,7 @@ > import sys > import config > import gentoo,ebuilddb >+from MySQLdb import escape_string > > DEFAULT_EBUILD = "404" > PKG_DIR = config.EBUILD_FILES >@@ -35,7 +36,8 @@ > 'FROM ebuild,package WHERE ebuild.name="%s" AND ' > 'version="%s" AND ' > 'ebuild.name=package.name AND ebuild.category=package.category ' >- 'ORDER by when_found DESC LIMIT 1' % (name,version)) >+ 'ORDER by when_found DESC LIMIT 1' % (escape_string(name), >+ escape_string(version))) > #print query > c = db.cursor() > c.execute(query)
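Review bot: the import added after `import gentoo,ebuilddb` brings in the module-level `escape_string`, which has no connection behind it and so cannot take the connection's character set into account; MySQLdb's own documentation says to use the connection's `escape_string` method for that reason. Since the code below already holds a connection object (`db.cursor()`), either call `db.escape_string(...)` there or, better, drop this import and let `execute()` do the quoting.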
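Review bot: in the second hunk, `name` and `version` are still spliced into the SQL text with `%` and merely escaped first, so the fix holds only as long as every value formatted into this string is escaped and stays inside the hand-written double quotes. The following lines already do `c = db.cursor()` and `c.execute(query)`, so the values can be passed as parameters instead: remove the quotes around the two `%s` placeholders, drop the `% (...)` formatting, and call `c.execute(query, (name, version))` so the driver quotes them. The commented-out `#print query` debug line could be removed in the same change.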
Attachments on bug 187971: 129536 | 129537 | 136220