mirror of https://we.phorge.it/source/phorge.git synced 2024-09-21 09:48:47 +02:00
phorge-phorge/src/infrastructure
epriestley 9dc114d115 Make formatOrderClause() safer
Summary:
Ref T7803. Instead of trusting subqueries to provide safe values, escape them explicitly.

(We'll probably have a few cases somewhere where this doesn't work, but can make them the exception rather than the rule.)

Test Plan: Issued all "order" queries in Diffusion.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7803

Differential Revision: https://secure.phabricator.com/D12351
2015-04-13 11:58:13 -07:00
customfield Convert all tokenizers to take token/scalar inputs 2015-03-31 14:10:55 -07:00
daemon Increase the visibility of permanent task failures in task queue 2015-03-15 13:27:05 -07:00
diff Fix some odd looking arrays 2015-04-05 22:29:39 +10:00
edges Modernize remaining edge types 2015-01-03 10:58:20 +11:00
env Mostly defuse DNS rebinding attack for outbound requests 2015-03-26 11:12:22 -07:00
events Add a "did verify email" event to Phabricator 2015-02-11 14:39:06 -08:00
internationalization Diffusion - further fix translation of revert commit stories 2015-04-08 12:12:41 -07:00
javelin Allow Javelin initBehavior to source alternative library behaviors 2014-11-04 06:47:07 -08:00
lint/linter Use new FutureIterator instead of Futures 2014-12-30 23:13:38 +11:00
log Explicitly declare method/property visibility 2015-01-12 08:18:13 +11:00
management Add some of a billing daemon skeleton 2015-01-30 11:29:05 -08:00
markup Revert "Minor change to suppress linter warning" 2015-04-07 09:05:31 +10:00
query Make formatOrderClause() safer 2015-04-13 11:58:13 -07:00
sms Add "phabricator.silent" for stopping all outbound events from an install 2015-03-18 07:09:43 -07:00
ssh Proxy VCS SSH requests 2015-01-28 14:41:24 -08:00
storage Add a storage renamespace for mangling SQL dumpfiles into a new namespace 2015-03-17 18:29:01 -07:00
testing Improve task subpriority movement algorithm for homogenous blocks 2015-03-26 11:11:23 -07:00
time Change double quotes to single quotes. 2014-06-09 11:36:50 -07:00
util Enforce that global locks have keys shorter than 64 characters 2015-04-02 13:42:22 -07:00
PhabricatorEditor.php Use ManiphestTaskQuery in nearly all interfaces 2013-09-25 13:44:14 -07:00