| Anonymous | Login | Signup for a new account | 21-11-09 09:48 GMT |
| Main | My View | View Issues | Change Log | Roadmap | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Print ] | ||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
| 0015244 | [phplist] Subscriber Import | major | always | 19-03-09 09:49 | 23-03-09 15:14 | ||
| Reporter | steveh | View Status | public | ||||
| Assigned To | |||||||
| Priority | normal | Resolution | fixed | ||||
| Status | resolved | Product Version | 2.10.9 | ||||
| Summary | 0015244: Potential for SQL injection in import | ||||||
| Description |
If records that are quote delimted are imported then the sql in users fails with syntax errors. |
||||||
| Additional Information |
Create a file:- "steve@xyz.com" "fred@bert.com" Import this file, then go to the user management page, you'll see sql syntax errors. |
||||||
| Tags | No tags attached. | ||||||
| Attached Files | |||||||
|
|
|||||||
 Relationships |
|
|
Notes |
|
|
(0050585) michiel (administrator) 23-03-09 15:14 |
fixed in svn, and will get to 2.10.10 but it will also be useful to remove the quotes at import time. |
