0004076: Security error in parameterised queries

ID	Project	Category	View Status	Date Submitted	Last Update

0004076	Composr	core	public	2020-01-31 02:44	2020-01-31 02:44

Reporter	Chris Graham	Assigned To	Chris Graham
Severity	Security-hole
Status	resolved	Resolution	fixed
Product Version	10.0.30
Fixed in Version	10.0.31

Summary	0004076: Security error in parameterised queries
Description	The query_parameterised method is insecure, because its use of preg_replace can de-escaped escaped parameters. Additionally parameter substitution is coded iteratively, meaning if parameterisation code is itself present in passed parameters an unexpected query will occur. While this is unlikely, it is not expected behaviour. This issue is not being treated with normal security response as there are no current uses of query_parameterised in the official ecosystem. It is provided as an option for third-parties who prefer not to use regular Composr coding practices, but we are not aware of any third-parties utilising it as the method is not even publicly documented in any tutorials. Only the source/database.php file is needed to fix. The other files are for automated testing.
Tags	No tags attached.

Time estimation (hours)
Sponsorship open

admin 2020-01-31 02:44 administrator ~0006340	Fixed in git commit 6b57abfab (https://gitlab.com/composr-foundation/composr/commit/6b57abfab - link will become active once code pushed to GitLab) A hotfix (a TAR of files to upload) have been uploaded to this issue. These files are made to the latest intra-version state (i.e. may roll in earlier fixes too if made to the same files) - so only upload files newer than what you have already. Always take backups of files you are replacing or keep a copy of the manual installer for your version, and only apply fixes you need. These hotfixes are not necessarily reliable or well supported. Not sure how to extract TAR files to your Windows computer? Try 7-zip (http://www.7-zip.org/). hotfix-4076, 2020-01-31 2am.tar (126,464 bytes)