Bug #51093
closed
Task #49162: Rewrite install tool
Create database "databaseName" not escaped ...
Added by Christian Kuhn almost 11 years ago.
Updated over 6 years ago.
Description
This might fail with "-" sign in database name and is also a possible sqli?
6.2 only, TYPO3\CMS\Install\Controller\Action\Step\DatabaseSelect
This can't be handly by dbal so we should not support it in the install tool.
- Target version changed from next-patchlevel to 7.4 (Backend)
- Category changed from Install Tool to 1601
- Target version changed from 7.4 (Backend) to 7.5
- Assignee set to Morton Jonuschat
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/43016
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/43016
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/43016
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
- Status changed from Resolved to Closed
Also available in: Atom
PDF