Sanitize input before querying the database #4

Open
DAlperin opened this issue Aug 1, 2022 · 1 comment
Labels: bug (Something isn't working), good first issue (Good for newcomers)

Comments

@DAlperin

DAlperin commented Aug 1, 2022

I'm not 100% sure, but it kind of feels like words aren't being properly escaped in the SQL queries. Putting a `'or 1=1;` on a line seems to pretty consistently mess things up and/or crash the app for me. I was looking in the Editor.js files and it kind of looks like there is just raw string interpolation happening in the queries, but I'm not sure.

Super cool app though :) I really like it so far.

@zehfernandes zehfernandes added the bug Something isn't working label Aug 4, 2022
@zehfernandes
Owner

Good catch! You are right, sanitization before querying the DB will fix the problem.

@zehfernandes zehfernandes added the good first issue Good for newcomers label Aug 4, 2022
@zehfernandes zehfernandes changed the title Input sanitization? Sanitize input before querying the database Aug 4, 2022
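The behaviour DAlperin reports, reproduced as an added example in Python against an in-memory SQLite database. This is not the project's code: the real query in Editor.js is not visible in this thread, so the `notes` table, the constructed sample rows and the equality search are assumptions. It puts the suspected raw string interpolation next to the parameterized form, which is the fix to prefer over hand-rolled escaping or "sanitizing" the text: the driver sends the word as a bound value, so no quote inside it can change the statement. The probes show the three outcomes a practitioner should expect: a benign apostrophe or the reporter's `'or 1=1;` makes the spliced query fail to parse (the "crash"), a `' OR 1=1 --` variant silently returns every row, and the bound-parameter version treats all of them as plain text.

```python
import sqlite3

# Constructed sample data; a stand-in for whatever the app actually stores.
SAMPLE_NOTES = ["buy milk", "call alice", "draft release notes"]


def make_db():
    """Create an in-memory SQLite database holding the constructed sample notes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)")
    conn.executemany("INSERT INTO notes (body) VALUES (?)", [(b,) for b in SAMPLE_NOTES])
    conn.commit()
    return conn


def find_interpolated(conn, word):
    """VULNERABLE: the user's text is spliced straight into the SQL string.

    Mirrors the raw string interpolation the reporter suspected in Editor.js.
    The query shape is an assumption; the app's real query is not shown here.
    """
    sql = f"SELECT id, body FROM notes WHERE body = '{word}'"
    return conn.execute(sql).fetchall()


def find_parameterized(conn, word):
    """FIXED: the text travels as a bound parameter and is never parsed as SQL."""
    return conn.execute("SELECT id, body FROM notes WHERE body = ?", (word,)).fetchall()


def compare(word):
    """Run both variants on one input.

    Returns (interpolated_rows, interpolated_error, parameterized_rows).
    interpolated_rows is None and interpolated_error names the exception
    class when the spliced query could not be executed; older Python
    versions report a trailing statement fragment as sqlite3.Warning rather
    than sqlite3.Error, so both are caught.
    """
    conn = make_db()
    try:
        vuln_rows, vuln_err = find_interpolated(conn, word), None
    except (sqlite3.Error, sqlite3.Warning) as exc:
        vuln_rows, vuln_err = None, type(exc).__name__
    safe_rows = find_parameterized(conn, word)
    conn.close()
    return vuln_rows, vuln_err, safe_rows


if __name__ == "__main__":
    for probe in ["buy milk", "alice's", "'or 1=1;", "' OR 1=1 --"]:
        print(repr(probe), "->", compare(probe))
```

The same principle carries over to the Node side: whichever SQLite binding the app uses, pass the word as a `?` placeholder argument (or a named parameter) instead of building the query with a template literal. Escaping quotes by hand only fixes the cases you thought of; binding removes the class of bug.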