Ampache 3.5.1 uses depreciated mysql_escape_string() function

Bug #454892 reported by Charlie_Smotherman on 2009-10-18
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ampache (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: ampache

Ampache uses the depreciated mysql_escape_string() function in /modules/getid3/extension.cache.mysql.php. This makes ampache vulnerable to possible sql injections. Ampache should use mysql_real_escape_string() function instead

Related branches

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ampache - 3.5.1-1ubuntu2

---------------
ampache (3.5.1-1ubuntu2) karmic; urgency=low

   * Changed /modules/getid3/extension.cache.mysql.php to use
     mysql_real_escape_string() instead of mysql_escape_string() which is now
     depreciated. This is needed to correct a potential sql_injection
     vulnerability. (LP: #454892)

 -- Charlie Smotherman <email address hidden> Sun, 18 Oct 2009 08:50:25 -0500

Changed in ampache (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers