View Issue Details

ID: 0004076
Project: Composr
Category: core
View Status: public
Last Update: 2020-01-31 02:44
Reporter: Chris Graham
Assigned To: Chris Graham
Severity: Security-hole
Status: resolved
Resolution: fixed
Product Version: 10.0.30
Fixed in Version: 10.0.31
Summary: 0004076: Security error in parameterised queries

Description:
The query_parameterised method is insecure, because its use of preg_replace can de-escape escaped parameters.

Additionally, parameter substitution is coded iteratively, meaning that if parameterisation code is itself present in passed parameters, an unexpected query will occur. While this is unlikely, it is not expected behaviour.

This issue is not being treated with the normal security response, as there are no current uses of query_parameterised in the official ecosystem. It is provided as an option for third parties who prefer not to use regular Composr coding practices, but we are not aware of any third parties utilising it, as the method is not even publicly documented in any tutorials.

Only the source/database.php file is needed to fix. The other files are for automated testing.
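The two defects described in this report, worked through in an added example that is not Composr's code and does not reproduce the real query_parameterised or the source/database.php fix. It models a helper that splices already-escaped values into SQL with a regex replace, one placeholder per pass. PHP's preg_replace and Python's re.sub both decode backslash sequences in the replacement string (two backslashes become one, digit sequences become group references), so the Python model reproduces the PHP behaviour for the case shown. The `{name}` placeholder syntax, the function names, the escaper and the sample query are all hypothetical; the single-pass callable version is one possible fix, not necessarily the one the project shipped.

```python
# Added illustration; not Composr's code. Models a query_parameterised-style
# helper built on iterative regex replacement and shows both defects from the
# report. Placeholder syntax {name}, function names, escaper and sample query
# are hypothetical.
import re


def toy_escape(value: str) -> str:
    """Stand-in for a DB string escaper: doubles backslashes, escapes quotes."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def parameterise_vulnerable(query: str, params: dict) -> str:
    """Iterative regex substitution, as the report describes.

    Defect 1: the escaped value is handed to re.sub as a replacement *string*,
    which decodes backslash sequences, so the escaper's doubled backslash
    collapses back to a single one (the de-escaping the report warns about).
    Defect 2: every pass rescans the whole query, so a placeholder token that
    arrived inside an earlier value is substituted again by a later pass.
    """
    for name, value in params.items():
        query = re.sub(r"\{" + re.escape(name) + r"\}", toy_escape(value), query)
    return query


def parameterise_fixed(query: str, params: dict) -> str:
    """Single pass with a callable replacement (one possible fix).

    Text returned by the callable is inserted verbatim (no escape decoding),
    and the subject is scanned exactly once, so values are never re-substituted.
    """
    def sub(match):
        name = match.group(1)
        if name not in params:
            raise KeyError(f"unknown parameter {name!r}")
        return toy_escape(params[name])

    return re.sub(r"\{([A-Za-z_][A-Za-z0-9_]*)\}", sub, query)


# Constructed sample query and inputs (not taken from the report).
QUERY = "SELECT * FROM t WHERE a='{a}' AND b='{b}'"
# Attacker input: a lone backslash in the first value, live SQL in the second.
# After de-escaping, the backslash escapes the closing quote of a in a
# backslash-escaping dialect such as MySQL, so b's text runs as SQL.
ATTACK = {"a": "\\", "b": " OR 1=1 -- "}
# A value that itself contains the placeholder syntax.
NESTED = {"a": "{b}", "b": "x"}


def demo() -> dict:
    """Return all four renderings so they can be compared side by side."""
    return {
        "vulnerable_attack": parameterise_vulnerable(QUERY, ATTACK),
        "fixed_attack": parameterise_fixed(QUERY, ATTACK),
        "vulnerable_nested": parameterise_vulnerable(QUERY, NESTED),
        "fixed_nested": parameterise_fixed(QUERY, NESTED),
    }


if __name__ == "__main__":
    for label, sql in demo().items():
        print(f"{label:18} {sql}")
```

Running the block shows the vulnerable path rendering a's literal as `'\'`, which in MySQL swallows the quote and leaves ` OR 1=1 -- ` outside any string, while the fixed path keeps the doubled backslash; for the nested input the vulnerable path substitutes a twice (a='x'), the fixed path once (a='{b}').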
Tags: No tags attached.
Sponsorship: open

Activities

admin (administrator), 2020-01-31 02:44, note ~0006340

Fixed in git commit 6b57abfab (https://gitlab.com/composr-foundation/composr/commit/6b57abfab - the link will become active once the code is pushed to GitLab).

A hotfix (a TAR of files to upload) has been uploaded to this issue. These files are made to the latest intra-version state (i.e. they may roll in earlier fixes too if those were made to the same files), so only upload files newer than what you already have. Always take backups of files you are replacing, or keep a copy of the manual installer for your version, and only apply fixes you need. These hotfixes are not necessarily reliable or well supported. Not sure how to extract TAR files on your Windows computer? Try 7-zip (http://www.7-zip.org/).

hotfix-4076, 2020-01-31 2am.tar (126,464 bytes)
