Patch attached.

CommentFileSizeAuthor
#1 SA-CORE-2014-005-D7.patch747 bytesDavid_Rothstein
sql-injection-135988-70-D8.patch2.44 KBcatch

Comments

David_Rothstein’s picture

David_Rothstein commented
StatusFileSize
new SA-CORE-2014-005-D7.patch747 bytes

For reference, here's the D7 patch (with the code fix only).

Status: Needs review » Needs work

The last submitted patch, 1: SA-CORE-2014-005-D7.patch, failed testing.

David_Rothstein’s picture

David_Rothstein commented
Status: Needs work » Needs review

Links to the full D7 change (both fix and tests):
http://cgit.drupalcode.org/drupal/commit/?id=26a7752c34321fd9cb889308f50...
http://cgit.drupalcode.org/drupal/commit/?id=449c7028749767f2de5eff4bbba...

Suggested commit message (based on the D7 commits):

Issue #2357249 by Stefan Horst, greggles, larowlan, David_Rothstein, klausi: Fixed SA-CORE-2014-005 (SQL injection).
pwolanin’s picture

pwolanin commented
Status: Needs review » Reviewed & tested by the community

same fix as D7

Crell’s picture

Crell commented

+1 confirmed let's commit it.

  • catch committed 19b32a3 on 8.0.x 
    Issue #2357249 by Stefan Horst, greggles, larowlan, David_Rothstein,...
catch’s picture

catch
he/him
Primary language English
commented
Status: Reviewed & tested by the community » Fixed

Committed/pushed to 8.0.x, thanks!

penyaskito’s picture

penyaskito
he/him
Primary language Spanish
Location 🧑🏽‍🌾 Seville 💃 Andalusia, UTC+2 🇪🇺
commented
Related issues: +#2357311: Follow-up to SA-CORE-2014-005 (tests don't work correctly on non-MySQL databases)

Follow-up: #2357311: Follow-up to SA-CORE-2014-005 (tests don't work correctly on non-MySQL databases)

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.