
Draft: Escape all values interpolated in SQL queries in the Perso controller

nono requested to merge (removed):119-fix-various-vulnerabilities into preprod

One of the parameters was correctly escaped with \Utils::asl() (a wrapper around addslashes()), but not in the right context: it is only effective when the value is interpolated in a SQL string.

Closes #119
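
The context problem described above, as an added example that is not code from this merge request or the project: `asl()` stands in for `\Utils::asl()` and is assumed to only call `addslashes()`, and the in-memory SQLite database, the `demo` table, the `sqlInt()` helper and the sample value are all constructed for illustration.

```php
<?php
// Added illustration. asl() is a stand-in for the \Utils::asl() wrapper
// described above, assumed to do nothing more than call addslashes().
function asl(string $v): string { return addslashes($v); }

// In-memory SQLite and the `demo` table are constructed so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE demo (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO demo (id, name) VALUES (1, 'first'), (2, 'second')");

// Constructed request value: no quote or backslash, so addslashes() has nothing to escape.
$id = '1 OR 1=1';
printf("unchanged by asl(): %s\n", var_export(asl($id) === $id, true));

// Before: the value lands in a numeric context, outside any SQL string literal,
// so everything after the first token is parsed as SQL.
$before = $db->query("SELECT name FROM demo WHERE id = " . asl($id));
printf("interpolated, numeric context: %d row(s)\n", count($before->fetchAll()));

// After, option 1: bind the value; it reaches the database as data only.
$stmt = $db->prepare("SELECT name FROM demo WHERE id = :id");
$stmt->execute([':id' => $id]);
printf("bound parameter: %d row(s)\n", count($stmt->fetchAll()));

// After, option 2: if the query must be built by interpolation, validate for the
// context in use. A numeric context needs an integer check, not quote escaping.
function sqlInt(string $v): int
{
    $n = filter_var($v, FILTER_VALIDATE_INT);
    if ($n === false) {
        throw new InvalidArgumentException('expected an integer id');
    }
    return $n;
}

try {
    $db->query("SELECT name FROM demo WHERE id = " . sqlInt($id));
} catch (InvalidArgumentException $e) {
    printf("rejected before reaching the query: %s\n", $e->getMessage());
}
printf("valid id: %d row(s)\n",
    count($db->query("SELECT name FROM demo WHERE id = " . sqlInt('2'))->fetchAll()));
```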
