I think we all knew about these vulnerabilities... And if not, we were warned about them months ago...
But it is great that you fixed them.

Regards,
*Marcos García*
marcos...@gmail.com

2013/10/18 Doursenaud, Raphaël <rdoursen...@gpcsolutions.fr>

> 2013/10/17 Laurent Léonard <laur...@open-minds.org>
>
>> As specified at the end of the article you pointed, those vulnerabilities are
>> fixed in Dolibarr 3.4.1:
>
> It also says "However, their sanitization methods were not fixed, and no
> mention was made on a future patch. Other SQLi vectors are likely." in the
> introduction.
>
> We should think about converting the source code to use parametrized
> queries. Maybe in a 4.0 branch ?
> What's your opinion ?
> --
> *Raphaël Doursenaud*
> 05 35 53 97 13 - 06 68 48 20 10
> rdoursen...@gpcsolutions.fr
>
> <http://gpcsolutions.fr>
> http://gpcsolutions.fr
> Technopole Hélioparc
> 2 avenue du Président Pierre Angot
> 64053 PAU CEDEX 9
> SARL GPC.solutions au capital de 7 500 € - R.C.S. PAU 528 995 921
> <https://www.google.com/a/partnersearch/#partner?partner_id=46687933_a0n60000000sqpWAAQ><http://wiki.dolibarr.org/index.php/Dolibarr_suppliers_France#GPC.solutions>
>
> _______________________________________________
> Dolibarr-dev mailing list
> Dolibarr-dev@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/dolibarr-dev