View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0004076||Composr||core||public||2020-01-31 02:44||2020-01-31 02:44|
|Reporter||Chris Graham||Assigned To||Chris Graham|
|Fixed in Version||10.0.31|
|Summary||0004076: Security error in parameterised queries|
|Description||The query_parameterised method is insecure, because its use of preg_replace can de-escaped escaped parameters.|
Additionally parameter substitution is coded iteratively, meaning if parameterisation code is itself present in passed parameters an unexpected query will occur. While this is unlikely, it is not expected behaviour.
This issue is not being treated with normal security response as there are no current uses of query_parameterised in the official ecosystem. It is provided as an option for third-parties who prefer not to use regular Composr coding practices, but we are not aware of any third-parties utilising it as the method is not even publicly documented in any tutorials.
Only the source/database.php file is needed to fix. The other files are for automated testing.
|Tags||No tags attached.|
|Time estimation (hours)|
Fixed in git commit 6b57abfab (https://gitlab.com/composr-foundation/composr/commit/6b57abfab - link will become active once code pushed to GitLab)
A hotfix (a TAR of files to upload) have been uploaded to this issue. These files are made to the latest intra-version state (i.e. may roll in earlier fixes too if made to the same files) - so only upload files newer than what you have already. Always take backups of files you are replacing or keep a copy of the manual installer for your version, and only apply fixes you need. These hotfixes are not necessarily reliable or well supported. Not sure how to extract TAR files to your Windows computer? Try 7-zip (http://www.7-zip.org/).
hotfix-4076, 2020-01-31 2am.tar (126,464 bytes)