Post by straightlight » Sun Oct 15, 2017 6:15 am

This file has some SQL sanitizing issues.

Code:

415    . "ebay_store_category` WHERE `parent_id` = '" . $row['ebay_store_category_
419    . "ebay_store_category` WHERE `parent_id` = '" . $row2['ebay_store_category
451   PREFIX . "ebay_category` WHERE `CategoryParentID` = '" . $parent . "'");
633    "ebay_category_history` WHERE `CategoryID` = '" . $original_id . "' LIMIT 1"
637    `used` = '" . $new . "' WHERE `CategoryID` = '" . $original_id . "' LIMIT 1"

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Post by straightlight » Sun Oct 15, 2017 8:04 am

Find two instances of:

Code:

'" . $this->db->escape($id) . "'

replace both with:

Code:

'" . (int)$id . "'

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester
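
The difference between the concatenation pattern listed in the first post and the `(int)` cast from the second, as an added example that is not part of the original posts or OpenCart's own code. It assumes PHP with the pdo_sqlite extension; the in-memory table, its rows, the function names and the input string are constructed for illustration, and the bound-parameter variant is an alternative shown for comparison, not something the thread proposes.

```php
<?php
// Added illustration: schema, rows and input are constructed, not taken from OpenCart.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE ebay_category (CategoryID INTEGER, CategoryParentID INTEGER)");
$pdo->exec("INSERT INTO ebay_category VALUES (10, 1), (11, 1), (20, 2)");

// Pattern flagged in the first post: the value is concatenated into the query as-is,
// so a quote character in $parent changes the structure of the WHERE clause.
function childrenUnsanitized(PDO $pdo, $parent): array
{
    $sql = "SELECT CategoryID FROM ebay_category WHERE CategoryParentID = '" . $parent . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Fix from the second post: a numeric id is cast to int before concatenation,
// so only digits (and an optional sign) can ever reach the SQL text.
function childrenCast(PDO $pdo, $parent): array
{
    $sql = "SELECT CategoryID FROM ebay_category WHERE CategoryParentID = '" . (int)$parent . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Alternative (assumption, not from the thread): keep the value out of the SQL text
// entirely by binding it as a parameter.
function childrenBound(PDO $pdo, $parent): array
{
    $stmt = $pdo->prepare("SELECT CategoryID FROM ebay_category WHERE CategoryParentID = ?");
    $stmt->execute([(int)$parent]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request value: starts with a valid id, then tries to widen the filter.
$input = "1' OR '1'='1";

printf("unsanitized: %d rows\n", count(childrenUnsanitized($pdo, $input)));
printf("int cast:    %d rows\n", count(childrenCast($pdo, $input)));
printf("bound param: %d rows\n", count(childrenBound($pdo, $input)));
```

The cast only suits columns that hold integer ids; string values need escaping or bound parameters instead.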

