Changes between Initial Version and Version 1 of Ticket #3945


Ignore:
Timestamp:
Jul 5, 2011, 1:25:15 PM (13 years ago)
Author:
dmorissette
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #3945

    • Property Cc dmorissette assefa sdlime aboudreault added
    • Property Owner changed from aboudreault to assefa

  • Ticket #3945 – Description

    initial v1  
    3131
    3232Summary :
    33 
     33{{{
    3434line 2080: pszBuffer = msStringConcatenate(pszBuffer, (char *)pszProcedureItem);
     35}}}
    3536and
     37{{{
    3638line 2086: pszBuffer = msStringConcatenate(pszBuffer,  tokens[j]);
    37 
     39}}}
    3840from mapogcsos.c are potential candidate for SQL injection, but it *looks* like both values are tested against the sos_procedure and sos_procedure_item metadata item from the mapfile. The eye from someone familiar with this piece of code would be needed to confirm that.
    3941