[TASK] Properly encode database input in the right place 14/42614/4
authorHelmut Hummel <helmut.hummel@typo3.org>
Fri, 14 Aug 2015 13:45:15 +0000 (15:45 +0200)
committerNicole Cordes <typo3@cordes.co>
Sun, 16 Aug 2015 12:11:18 +0000 (14:11 +0200)
commita8eff85a186ec3f92ca4f5fef521271298d68f4a
treeb00932619df1658e90d34b86243b37d8ccf0616e
parent94e4a83a1ccf000e89a6f8196d94a4b5adbcd511
[TASK] Properly encode database input in the right place

This adds code that prevents potential SQL injections.
The core is not exploitable, as cleaning is done in other code parts.

Resolves: #69061
Releases: master, 6.2
Change-Id: Iba42adc6dd4abd3976b57f1dc84ba6585ea7bbd4
Reviewed-on: http://review.typo3.org/42614
Reviewed-by: Frank Nägler <frank.naegler@typo3.org>
Tested-by: Frank Nägler <frank.naegler@typo3.org>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Reviewed-by: Nicole Cordes <typo3@cordes.co>
Tested-by: Nicole Cordes <typo3@cordes.co>
typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
typo3/sysext/workspaces/Classes/Service/StagesService.php