2013/10/17 Laurent Léonard <laur...@open-minds.org>

> As specified at the end of the article you pointed, those vulnerabilities are
> fixed in Dolibarr 3.4.1:
>
It also says "However, their sanitization methods were not fixed, and no mention was made on a future patch. Other SQLi vectors are likely." in the introduction.

We should think about converting the source code to use parametrized queries. Maybe in a 4.0 branch? What's your opinion?

--
*Raphaël Doursenaud*
05 35 53 97 13 - 06 68 48 20 10
rdoursen...@gpcsolutions.fr
--
http://gpcsolutions.fr
Technopole Hélioparc
2 avenue du Président Pierre Angot
64053 PAU CEDEX 9
SARL GPC.solutions with a capital of 7 500 € - R.C.S. PAU 528 995 921
_______________________________________________
Dolibarr-dev mailing list
Dolibarr-dev@nongnu.org
https://lists.nongnu.org/mailman/listinfo/dolibarr-dev
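
The contrast between escape-based sanitization and parametrized queries raised in the message above, as an added example that is not part of the original email and is not Dolibarr code. The table, column and function names are hypothetical, and PDO with an in-memory SQLite database is assumed only so the script runs offline.

```php
<?php
// Added illustration, not Dolibarr code. Table, column and function names are
// hypothetical; PDO with in-memory SQLite is assumed so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE invoice (rowid INTEGER PRIMARY KEY, fk_user INTEGER, ref TEXT)');
$pdo->exec("INSERT INTO invoice (fk_user, ref) VALUES (1, 'FA-0001'), (2, 'FA-0002'), (2, 'FA-0003')");

// Escape-style sanitizer: doubles single quotes. This only protects values
// that end up inside a quoted string literal.
function escape_quotes(string $value): string
{
    return str_replace("'", "''", $value);
}

// Sanitize-and-concatenate: the value lands in an unquoted numeric context,
// so the "sanitized" input is still parsed as part of the SQL statement.
function invoices_concat(PDO $pdo, string $userId): array
{
    $sql = 'SELECT ref FROM invoice WHERE fk_user = ' . escape_quotes($userId) . ' ORDER BY rowid';
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Parametrized: the statement text is fixed and the value is bound as data,
// so its content can never change the structure of the query.
function invoices_bound(PDO $pdo, string $userId): array
{
    $stmt = $pdo->prepare('SELECT ref FROM invoice WHERE fk_user = :uid ORDER BY rowid');
    $stmt->bindValue(':uid', $userId, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input: contains no quote characters, so escape_quotes() leaves it unchanged.
$crafted = '1 OR 1=1';

var_dump(invoices_concat($pdo, '1'));      // ordinary lookup for user 1
var_dump(invoices_concat($pdo, $crafted)); // WHERE clause is rewritten by the input
var_dump(invoices_bound($pdo, $crafted));  // input is compared as one opaque value
```

Comparing the row counts of the second and third calls is a quick regression check when converting a concatenated query to a bound one.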