Fixing potential SQL injection vectors
Ursprung
7997703c0a
Commit
0771622e09
@ -99,6 +99,10 @@ public class MySQL {
|
||||
return null;
|
||||
}
|
||||
|
||||
public static String disarmString(String s){
|
||||
return s.replace("'", "");
|
||||
}
|
||||
|
||||
public Connection getCon() {
|
||||
return con;
|
||||
}
|
||||
|
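Review bot: `disarmString` removes only the single quote, which is a blocklist rather than an escaping scheme and should not be relied on as the injection defence. MySQL treats backslash as an escape character inside string literals unless NO_BACKSLASH_ESCAPES is enabled, and the helper leaves it untouched; it also silently alters legitimate values that contain an apostrophe and throws a NullPointerException on a null argument. Since `getCon()` already exposes the `Connection`, callers can bind values through `PreparedStatement` placeholders instead. If the helper stays, I would add a comment such as `// Strips ' only; NOT a substitute for parameterized queries` and a null guard, `if (s == null) return null;`.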
@ -46,6 +46,7 @@ public class Schematic {
|
||||
}
|
||||
|
||||
public static Schematic getSchemFromDB(String schemName, int schemOwner){
|
||||
schemName = MySQL.disarmString(schemName);
|
||||
ResultSet schematic = sql.select("SELECT * FROM Schematic WHERE SchemName = '" + schemName + "' AND SchemOwner = '" + schemOwner + "'");
|
||||
try {
|
||||
if(schematic == null || !schematic.next()){
|
||||
|
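Review bot: The SELECT in `getSchemFromDB` is still assembled by string concatenation, so its safety rests entirely on `disarmString` having removed every character that matters. Binding the values would remove that dependency, e.g. `PreparedStatement st = sql.getCon().prepareStatement("SELECT * FROM Schematic WHERE SchemName = ? AND SchemOwner = ?");` followed by `st.setString(1, schemName); st.setInt(2, schemOwner);` (this assumes `sql` is a `MySQL` instance, which the hunk does not show). Stripping the quote also changes the lookup key, so a schematic whose name contains an apostrophe can no longer be found under its real name, or may resolve to a differently named one. The try block continues outside the hunk, so the closing of the statement and ResultSet should be checked there.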
@ -63,6 +63,7 @@ public class WarkingUser {
|
||||
}
|
||||
|
||||
public static WarkingUser get(String userName){
|
||||
userName = MySQL.disarmString(userName);
|
||||
for(WarkingUser user : allUsers)
|
||||
if(user.UserName.equalsIgnoreCase(userName))
|
||||
return user;
|
||||
|
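Review bot: In `WarkingUser.get` the stripped name is only compared against the in-memory `allUsers` list in the visible lines, where no SQL is involved, so the added `disarmString` call changes matching rather than protecting a query. A name containing an apostrophe is now matched as if the apostrophe were absent and can resolve to a different user's record. If a database lookup follows the loop (the method body continues outside the hunk), I would bind `userName` as a statement parameter there and drop this line.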