sql queries not properly escaped
Bug #867651 reported by
Alex Launi
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Music Lens |
Confirmed
|
High
|
Alex Launi | ||
| Unity |
Invalid
|
Undecided
|
Unassigned | ||
| unity-lens-music (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
queries containing a ' cause errors and cause banshee to not report results. Theoretically this could also allow for a sql injection vulnerability. This threat is minimal however, as anyone who can search in the dash can also open a terminal and run any arbitrary command on the db.
| visibility: | private → public |
| Changed in unity-lens-music: | |
| status: | New → Confirmed |
| importance: | Undecided → High |
| assignee: | nobody → Alex Launi (alexlauni) |
| milestone: | none → 0.2.8 |
| Changed in unity: | |
| status: | New → Confirmed |
| Changed in unity-lens-music (Ubuntu): | |
| status: | New → Confirmed |
Revision history for this message
| Stephen M. Webb (bregma) wrote | #1 |
| Changed in unity: | |
| status: | Confirmed → Invalid |
To post a comment you must log in.
Problem no longer applies in the current Unity stack because of the smart scopes.