The parameter has to be filtered or escaped twice, for different purposes: once to prevent SQL injection and once more to prevent cross-site scripting (XSS) attacks. The solution is to use an appropriate filter when needed. For example, just before sending plain text to the browser or mixing plain text with HTML, escape it with check_plain.
Comment | File | Size | Author |
---|---|---|---|
#6 | Prevent_sql_injection_with_parameter-3100809-6.patch | 885 bytes | Hardik_Patel_12 |
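The two escaping contexts the issue summary describes, as an added example in plain PHP (this is not code from the modal_page module or from the patch above): the parameter is bound as a prepared-statement placeholder for the SQL context, and escaped with htmlspecialchars() only when it is mixed into markup. That htmlspecialchars() call, with ENT_QUOTES | ENT_SUBSTITUTE and UTF-8, is what Drupal 8+'s Html::escape() wraps, the replacement for Drupal 7's check_plain() that the thread below settles on. The table, rows, function names and the tautology payload are all constructed for the example; it assumes the php CLI with the pdo_sqlite extension.

```php
<?php
// Added example, not modal_page module code. Demonstrates the two escaping
// contexts from the issue summary with plain PHP so it runs offline
// (assumes the pdo_sqlite extension). Table, rows and the injection payload
// are constructed for this example.
declare(strict_types=1);

// Context 1 (SQL): bind the parameter as a placeholder so the driver treats
// it as data, never as query text. Escaping for HTML would not help here.
function findModalByName(PDO $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name, body FROM modals WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Context 2 (HTML): escape at the moment plain text is mixed into markup.
// This is the same call Drupal 8+'s Html::escape() makes.
function htmlEscape(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderModalTitle(?array $modal): string
{
    if ($modal === null) {
        return '<p>No modal found.</p>';
    }
    return '<h2 class="modal-title">' . htmlEscape($modal['name']) . '</h2>';
}

// The "before": parameter interpolated into the query string. Kept only to
// show what the placeholder prevents; never do this.
function findModalByNameUnsafe(PDO $db, string $name): ?array
{
    $row = $db->query("SELECT id, name, body FROM modals WHERE name = '$name'")
              ->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed fixture: an in-memory SQLite table with a benign row and a row
// whose name is itself markup (stored safely via binding, escaped on output).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE modals (id INTEGER PRIMARY KEY, name TEXT NOT NULL, body TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO modals (name, body) VALUES (:name, :body)');
$ins->execute([':name' => 'welcome', ':body' => 'Hello']);
$ins->execute([':name' => '<script>alert(1)</script>', ':body' => 'stored markup']);

// SQL context: a classic tautology payload. Bound, it is just a name that
// matches nothing; interpolated, it turns the WHERE clause into "always true".
$payload = "' OR '1'='1";
var_dump(findModalByName($db, $payload));
var_dump(findModalByNameUnsafe($db, $payload)['name'] ?? null);

// HTML context: the stored markup comes back from the bound query intact
// (binding is not output escaping) and is neutralised only by htmlEscape().
echo renderModalTitle(findModalByName($db, '<script>alert(1)</script>')), PHP_EOL;
echo renderModalTitle(findModalByName($db, 'no-such-modal')), PHP_EOL;
```

Run it with the php CLI. The bound lookup finds nothing for the tautology payload while the interpolated one hands back the first row in the table, and the stored <script> name comes out of the bound query unchanged and is only made inert at htmlEscape(). Binding protects the query and escaping protects the output; neither substitutes for the other, which is the point the issue summary makes about escaping twice for different purposes.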
Comments
Comment #2
Hardik_Patel_12 (CreditAttribution: Hardik_Patel_12 at QED42) commented:
Kindly apply and review the patch.
Comment #3
Hardik_Patel_12 (CreditAttribution: Hardik_Patel_12 at QED42) commented:
Comment #4
renatog commented:
Makes sense.
We'll test but really looks good
Comment #5
renatog commented:
We get this error:
Error: Call to undefined function Drupal\modal_page\check_plain() in Drupal\modal_page\ModalPage->getModalToShow()
Comment #6
Hardik_Patel_12 (CreditAttribution: Hardik_Patel_12 at QED42) commented:
Resolved: replaced check_plain with Html::escape. Kindly review the patch.
Comment #7
renatog commented:
It really looks good!
We'll test! Thanks a lot
Comment #8
renatog commented:
Tested and it really works well.
Comment #10
renatog commented:
Committed to the dev branch.
Thanks a lot!
Best,