[TASK] Properly encode database input in the right place 61/42661/2
authorHelmut Hummel <helmut.hummel@typo3.org>
Fri, 14 Aug 2015 13:45:15 +0000 (15:45 +0200)
committerNicole Cordes <typo3@cordes.co>
Sun, 16 Aug 2015 12:13:40 +0000 (14:13 +0200)
commit0a6948c2ab5ad130bbf1f78df081c9e5be572c7c
tree00d6395bd18731f40894e0f1c947ec573bfa47db
parent4e1e07f5e4a9ba1d9ee8d2aa26d556d4a5e230c8
[TASK] Properly encode database input in the right place

This adds code that prevents potential SQL injections.
The core is not exploitable, as cleaning is done in other code parts.

Resolves: #69061
Releases: master, 6.2
Change-Id: Iba42adc6dd4abd3976b57f1dc84ba6585ea7bbd4
Reviewed-on: http://review.typo3.org/42661
Reviewed-by: Nicole Cordes <typo3@cordes.co>
Tested-by: Nicole Cordes <typo3@cordes.co>
typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
typo3/sysext/workspaces/Classes/Service/StagesService.php