pift_server_retest_check() and pift_server_send_file_data() both contain queries that are using an old, potentially insecure style of passing arguments to db_query.
these need to be fixed by using proper placeholders.
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | pift_query_rewrite.patch | 7.33 KB | hunmonk |
| #1 | pift_query_rewrite.patch | 7.23 KB | hunmonk |
Comments
Comment #1
hunmonk commented
attached places all query arguments in proper placeholders for the offending queries.
note, still needs some cursory testing to make sure i didn't foul anything up.
Comment #2
hunmonk commented
committed attached to HEAD. basically the same patch as above, i just needed to massage the array merging code a bit.
code is tested and working.
Comment #3
(not verified) commented
Automatically closed -- issue fixed for two weeks with no activity.