Ticket #1668 (closed enhancement proposal: fixed)

Opened 9 years ago

Last modified 7 years ago

Do not directly embed PHP variables or constant values whose contents may change into SQL statements

Reported by: Seasoft Owned by: somebody
Priority: Milestone: EC-CUBE2.12.0
Component: Other Version: 2.12.0 α
Keywords: Cc:
Fixed: no

Description (last modified by Seasoft) (diff)

Use placeholders.

  • Reduces the risk of vulnerabilities.
  • Reduces defects in SQL statement conversion.

Change History

comment:1 Changed 9 years ago by Seasoft

  • Description modified (diff)

comment:2 Changed 9 years ago by Seasoft

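  • Summary changed from "Do not write constants directly in SQL statements" to "Do not directly embed PHP variables or constant values whose contents may change into SQL statements"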

comment:3 Changed 8 years ago by adachi

  • Milestone changed from EC-CUBE2.12.2 to EC-CUBE 2.12.3

comment:4 Changed 8 years ago by kim

  • Milestone changed from EC-CUBE2.12.3 to EC-CUBE2.12.4

comment:5 Changed 7 years ago by kim

  • Status changed from new to closed
  • Resolution set to fixed
  • Milestone changed from EC-CUBE2.13.0 to EC-CUBE2.12.0

This was addressed in r21562. I will close it for now as a 2.12.0 ticket.
