Hi,

On Monday, 26 August 2013 at 12:20 AM, Rouslan Placella wrote:
> On 08/25/2013 10:14 AM, Ayush Chaudhary wrote:
> > Hi,
> > I was writing Selenium tests for editing an event. While creating an event, I created it with the clause 'EVERY 2 MINUTE_SECOND' and it worked fine. However, MySQL stores it as '0:2', so when I go to edit the event, the default value for the interval field is '0:2', and then when I submit the edit form, our code takes the intval from 0:2 and forms the query 'EVERY 0 MINUTE_SECOND' and this creates an error.
> > Is there a specific reason why intval is being used in rte_events.lib.php on Line 585? If not, should I remove that and issue a pull request?
>
> IIRC, intval was used there to sanitize user input. If you remove it, you'll need to add something else to avoid sql injections.

Shouldn't addslashes be fine? And moreover, since the query will be executed via the PMA_DatabaseInterface class, shouldn't that alone take care of sanitisation against sql injection?

> Bye, Rouslan
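The following is an added PHP example, not phpMyAdmin's code or anything from the thread. It shows why intval() turns the stored '0:2' into 'EVERY 0 MINUTE_SECOND', and a whitelist check that keeps the value intact while still refusing input that is not a plain interval literal; the unit table and the accepted field shapes are assumptions, a conservative subset of MySQL's interval syntax, and the function names are hypothetical.

```php
<?php
// Added example (not phpMyAdmin's code). intval() sanitizes by truncating to
// an integer, which is exactly what breaks compound intervals like '0:2'.
// The replacement validates the value against a whitelist per unit instead,
// so the literal survives and nothing but digits and ':' can reach the query.

// Assumption: accepted literal shape per unit, as a count of ':'-separated
// digit fields. This is a conservative subset of MySQL's INTERVAL syntax.
const INTERVAL_FIELDS = [
    'YEAR' => 1, 'QUARTER' => 1, 'MONTH' => 1, 'WEEK' => 1, 'DAY' => 1,
    'HOUR' => 1, 'MINUTE' => 1, 'SECOND' => 1,
    'HOUR_MINUTE' => 2, 'MINUTE_SECOND' => 2, 'HOUR_SECOND' => 3,
];

// The behaviour the thread describes: intval('0:2') is 0, so the edit form
// regenerates 'EVERY 0 MINUTE_SECOND', which MySQL rejects.
function scheduleWithIntval(string $value, string $unit): string
{
    return 'EVERY ' . intval($value) . ' ' . $unit;
}

// Whitelist-based replacement: returns the schedule clause, or null when the
// unit keyword is unknown or the value is not an acceptable interval literal.
function scheduleWithWhitelist(string $value, string $unit): ?string
{
    if (!isset(INTERVAL_FIELDS[$unit])) {
        return null;                      // unit did not come from our list
    }
    $fields = INTERVAL_FIELDS[$unit];
    // exactly $fields digit groups joined by ':' and nothing else at all
    $pattern = '/^\d+(?::\d+){' . ($fields - 1) . '}$/';
    if (!preg_match($pattern, $value)) {
        return null;                      // letters, quotes, wrong field count
    }
    // compound units need a quoted string literal; the regex guarantees the
    // value holds only digits and ':', so no escaping is required here
    $literal = $fields > 1 ? "'" . $value . "'" : $value;
    return 'EVERY ' . $literal . ' ' . $unit;
}

// Constructed inputs: the thread's own value, a simple unit, and bad input.
echo scheduleWithIntval('0:2', 'MINUTE_SECOND'), PHP_EOL;
echo scheduleWithWhitelist('0:2', 'MINUTE_SECOND'), PHP_EOL;
echo scheduleWithWhitelist('2', 'MINUTE'), PHP_EOL;
var_dump(scheduleWithWhitelist('0:2:7', 'MINUTE_SECOND'));   // wrong field count
var_dump(scheduleWithWhitelist('2 foo', 'MINUTE'));          // not a literal
```

A rejected value should be reported back to the form rather than silently replaced, so the user sees why the schedule was not saved.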
Phpmyadmin-devel mailing list, Phpmyadmin-devel@lists.sourceforge.net, https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel