
SQL Injection

Roger Bilinda
Method remove_mapping at line 132 of com_conditions/src/Controller/ItemController.php gets
user input from the get element. This element’s value then flows through the code without
being properly sanitized or validated, and is eventually used in a database query in method
removeMapping at line 173 of com_conditions/src/Model/ItemModel.php. This may enable an
SQL Injection attack.
              Source                                             Destination
File          com_conditions/src/Controller/ItemController.php   com_conditions/src/Model/ItemModel.php
Line          134                                                188
Object        get                                                execute
Code Snippet
File Name: com_conditions/src/Controller/ItemController.php
Method: public function remove_mapping()
....
134. $extension = $this->input->get('extension', '');
Peter van Westen ADMIN
What are you basing this on?
Have you even tested the thing you are claiming?

The value is sanitized and does not get pushed into a query as plain text as you say...
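The report above describes a source-to-sink path: a request value read through Input::get() reaches a query. Two things decide whether that is exploitable, and neither is visible in the single snippet the scanner printed: whether the value is filtered on the way in (in Joomla's Input API the third argument of get() is the filter name and it defaults to 'cmd', which keeps only letters, digits, underscore, dot and hyphen), and whether the sink concatenates the value into SQL text or binds it. The script below is an added illustration, not code from the Conditional Content extension or from either poster; the table, the cmd-style filter reimplementation and the two sink functions are assumptions constructed so it runs offline against SQLite.

```php
<?php
// Added example, not the extension's code: shows the two defences that close
// the Input::get() -> model -> DELETE path described in the scan report.
// 1) an input filter in the style of Joomla's default 'cmd' filter, and
// 2) a bound parameter at the sink, so the value never becomes SQL text.

declare(strict_types=1);

/** Mirrors the 'cmd' rule of Joomla's InputFilter (reimplemented here, assumption):
 *  keep only [A-Za-z0-9_.-] and drop leading dots. */
function filterCmd(string $value): string
{
    $clean = (string) preg_replace('/[^A-Z0-9_\.-]/i', '', $value);
    return ltrim($clean, '.');
}

/** Constructed in-memory table standing in for the mapping table a model would touch. */
function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE mappings (id INTEGER PRIMARY KEY, extension TEXT NOT NULL)');
    $db->exec("INSERT INTO mappings (extension) VALUES ('com_content'), ('com_users'), ('mod_menu')");
    return $db;
}

/** The pattern a scanner flags: the value is concatenated into the statement. */
function removeMappingUnsafe(PDO $db, string $extension): int
{
    return (int) $db->exec("DELETE FROM mappings WHERE extension = '" . $extension . "'");
}

/** Hardened sink: the value travels as a bound parameter, not as SQL text. */
function removeMappingBound(PDO $db, string $extension): int
{
    $stmt = $db->prepare('DELETE FROM mappings WHERE extension = :extension');
    $stmt->bindValue(':extension', $extension, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->rowCount();
}

function countRows(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM mappings')->fetchColumn();
}

// Constructed request value: a tautology that widens a concatenated WHERE clause.
$hostile = "x' OR '1'='1";

// Unsafe sink, raw value: the WHERE clause matches every row.
$db = makeDb();
removeMappingUnsafe($db, $hostile);
printf("unsafe + raw:       %d rows left\n", countRows($db));            // 0

// Same sink, value passed through the cmd-style filter first: quotes and spaces are gone,
// so the clause compares against the literal string "xOR11" and matches nothing.
$db = makeDb();
$filtered = filterCmd($hostile);
removeMappingUnsafe($db, $filtered);
printf("unsafe + filtered:  %d rows left (value became %s)\n", countRows($db), $filtered); // 3, xOR11

// Bound parameter, raw value: the tautology is just data and matches nothing.
$db = makeDb();
removeMappingBound($db, $hostile);
printf("bound + raw:        %d rows left\n", countRows($db));            // 3

// A legitimate request still works through the filtered, bound path.
$db = makeDb();
$deleted = removeMappingBound($db, filterCmd('com_users'));
printf("bound + com_users:  deleted %d, %d rows left\n", $deleted, countRows($db)); // 1, 2
```

Run it with `php example.php`. The point for triaging a finding like the one above is that the scanner only sees the first hop; to confirm or dismiss it you read the get() call's filter argument and the query construction at the destination line, and the two defences are independent, so a project should have the bound parameter at the sink even when the filter is already there.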