“onsidered an improvement of the previous ZF2016-02 and ZF2014-04 advisories. As a final consideration, we recommend developers either never use user input for these operations, or filter user input thoroughly prior to invoking Zend_Db. You can use the Zend_Db_Select:”

haromitsu のブックマーク 2016/09/15 14:11

<blockquote class="hatena-bookmark-comment"><a class="comment-info" href="https://b.hatena.ne.jp/entry/301402627/comment/haromitsu" data-user-id="haromitsu" data-entry-url="https://b.hatena.ne.jp/entry/s/framework.zend.com/security/advisory/ZF2016-03" data-original-href="https://framework.zend.com/security/advisory/ZF2016-03" data-entry-favicon="https://cdn-ak2.favicon.st-hatena.com/64?url=https%3A%2F%2Fframework.zend.com%2Fsecurity%2Fadvisory%2FZF2016-03" data-user-icon="/users/haromitsu/profile.png">Security Advisory - Security - Zend Framework</a><br><p style="clear: left">“onsidered an improvement of the previous ZF2016-02 and ZF2014-04 advisories. As a final consideration, we recommend developers either never use user input for these operations, or filter user input thoroughly prior to invoking Zend_Db. You can use the Zend_Db_Select:”</p><a class="datetime" href="https://b.hatena.ne.jp/haromitsu/20160915#bookmark-301402627"><span class="datetime-body">2016/09/15 14:11</span></a></blockquote><script src="https://b.st-hatena.com/js/comment-widget.js" charset="utf-8" async></script>

このブックマークにはスターがありません。
最初のスターをつけてみよう！

Security Advisory - Security - Zend Framework

framework.zend.com2016/09/15

ZF2016-03: Potential SQL injection in ORDER and GROUP functions of ZF1 The implementation of ORDER BY and GROUP BY in Zend_Db_Select rem ained prone to SQL injection when a combination of SQL expres...

7 人がブックマーク・3 件のコメント

他のコメントを読む

＼コメントがサクサク読めるアプリです／

はてなブックマーク

Security Advisory - Security - Zend Framework

はてなブックマーク

公式Twitter

はてなのサービス