Comment 3 for bug 768022

William Good (bkgood) wrote : Re: sql bug in library search code (possible injection attacks possible?)

Could this be fixed by just subbing in the search term after the .arg calls are made? Also, this is a bit weird as the Qt docs (http://doc.qt.nokia.com/latest/qstring.html#arg) say the markers must be in %[1-99], i.e., not including zero, so I'm not sure why QString::arg is subbing it out, but this bug will still be triggered by other strings beginning with numerals (if I'm understanding this correctly).
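A worked illustration of the substitution problem discussed in the comment above, added here as an example. It is not the project's library search code and not Qt's implementation: `argSub` is a simplified model of the documented QString::arg rule (find the lowest-numbered marker in %1..%99 and replace every occurrence of it), and it makes no attempt to reproduce whatever Qt actually does with %0, which is the open question in the comment. The table name `library`, the column allowlist, the query shapes and the sample search terms are all constructed for the example. It shows three things: why a term beginning with a digit corrupts the query when the term is substituted before the column, that substituting the term last (as the comment asks) removes the marker problem but not the SQL injection through a quote in the term, and the bound-parameter shape (what QSqlQuery::prepare plus bindValue gives you) that removes both because the term never becomes part of the SQL text.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Parse a place marker starting at s[i] == '%'. Returns the marker number
// (1..99) and sets `len` to the marker's length in characters, or returns 0
// if there is no marker here. This follows the documented rule (one or two
// digits, %0 excluded); it is a model for the example, not Qt's code.
static int markerAt(const std::string& s, size_t i, size_t& len) {
    int n = 0;
    size_t j = i + 1;
    while (j < s.size() && j - i <= 2 && std::isdigit(static_cast<unsigned char>(s[j]))) {
        n = n * 10 + (s[j] - '0');
        ++j;
    }
    len = j - i;
    return (len > 1) ? n : 0;   // "%0" yields n == 0 and is therefore not a marker
}

// Simplified model of QString::arg(value): replace every occurrence of the
// lowest-numbered marker with `value`. Markers that appeared only because an
// earlier substitution inserted them are indistinguishable from template
// markers, which is exactly the behaviour the bug report is about.
std::string argSub(const std::string& tmpl, const std::string& value) {
    int lowest = 0;
    for (size_t i = 0; i < tmpl.size(); ++i) {
        if (tmpl[i] != '%') continue;
        size_t len;
        int n = markerAt(tmpl, i, len);
        if (n && (lowest == 0 || n < lowest)) lowest = n;
    }
    if (lowest == 0) return tmpl;
    std::string out;
    for (size_t i = 0; i < tmpl.size();) {
        size_t len = 1;
        int n = (tmpl[i] == '%') ? markerAt(tmpl, i, len) : 0;
        if (n == lowest) { out += value; i += len; }
        else { out += tmpl[i]; ++i; }
    }
    return out;
}

// Constructed vulnerable pattern: the user's term is substituted before the
// application-chosen column, so digits at the start of the term form a new
// marker that the second .arg() call then consumes.
std::string buildVulnerable(const std::string& column, const std::string& term) {
    std::string q = "SELECT * FROM library WHERE %2 LIKE '%%1%'";
    q = argSub(q, term);    // %1 <- user input; the result may now contain new markers
    q = argSub(q, column);  // %2 <- column, unless the term created a lower marker
    return q;
}

// The reordering the comment asks about: term substituted last. No marker is
// left for the term to collide with, but raw user text still lands in the SQL.
std::string buildTermLast(const std::string& column, const std::string& term) {
    std::string q = "SELECT * FROM library WHERE %1 LIKE '%%2%'";
    q = argSub(q, column);
    q = argSub(q, term);
    return q;
}

// Parameterised form: the SQL text never contains the term; the LIKE
// wildcards travel inside the bound value. Column names cannot be bound, so
// the column is checked against a (hypothetical) allowlist instead.
struct PreparedQuery {
    std::string sql;
    std::vector<std::string> params;
};

PreparedQuery buildPrepared(const std::string& column, const std::string& term) {
    static const std::vector<std::string> allowed = {"title", "artist", "album"};  // constructed allowlist
    if (std::find(allowed.begin(), allowed.end(), column) == allowed.end())
        throw std::invalid_argument("unknown search column");
    return {"SELECT * FROM library WHERE " + column + " LIKE ?", {"%" + term + "%"}};
}

int main() {
    std::cout << buildVulnerable("title", "1abc") << '\n';
    std::cout << buildTermLast("title", "x' OR 1=1 --") << '\n';
    PreparedQuery p = buildPrepared("title", "x' OR 1=1 --");
    std::cout << p.sql << "  [param: " << p.params[0] << "]\n";
    return 0;
}
```

Note that `%` and `_` inside the bound value are still LIKE wildcards; that affects what the search matches, not what SQL runs, and is a separate escaping concern from the one in the bug.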