ChurchCRM / CRM

ChurchCRM is an OpenSource Church CRM & Management Software.
https://ChurchCRM.io
MIT License

Security enhancement: Users should be created and edited via the ORM in UserEditor.php #7071

Open DAcodedBEAT opened 5 months ago

DAcodedBEAT commented 5 months ago

Is your feature request related to a problem? Please describe.

UserEditor.php still manually crafts a SQL string for data insertion. Using the ORM enforces OOP and implicitly uses prepared statements, which prevents SQL injection attacks.

Describe the solution you'd like

Use the ORM in UserEditor.php
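The difference the issue describes, as an added example that is not code from this issue or from ChurchCRM: a hand-concatenated INSERT next to a prepared statement, the mechanism the issue attributes to the ORM. It uses plain PDO with an in-memory SQLite database instead of the project's ORM, assumes the `pdo_sqlite` extension is available, and the `demo_user` table, its columns and both function names are hypothetical.

```php
<?php
// Added illustration. Table, columns and function names are hypothetical,
// not ChurchCRM's schema or code.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE demo_user (
    id INTEGER PRIMARY KEY, username TEXT, is_admin INTEGER, via TEXT)');

// "Before": the form value is spliced into the SQL text, so a quote in it
// can end the string literal and change the rest of the statement.
function insertConcatenated(PDO $pdo, string $username): void
{
    $sql = "INSERT INTO demo_user (username, is_admin, via) "
         . "VALUES ('" . $username . "', 0, 'concatenated')";
    $pdo->exec($sql);
}

// "After": the statement text is fixed and the value is bound as a parameter,
// so it is stored as data whatever characters it contains.
function insertPrepared(PDO $pdo, string $username): void
{
    $stmt = $pdo->prepare(
        "INSERT INTO demo_user (username, is_admin, via) "
        . "VALUES (:username, 0, 'prepared')"
    );
    $stmt->execute([':username' => $username]);
}

// Constructed sample input for this demo: the quote closes the literal, the
// value supplies its own is_admin column, and "--" comments out the remainder.
$formValue = "mallory', 1, 'concatenated') --";

insertConcatenated($pdo, $formValue);
insertPrepared($pdo, $formValue);

// Compare what each path stored for the same input.
$rows = $pdo->query('SELECT username, is_admin, via FROM demo_user ORDER BY id');
foreach ($rows as $row) {
    printf(
        "%-12s username=%s is_admin=%s\n",
        $row['via'],
        var_export($row['username'], true),
        $row['is_admin']
    );
}
```

The concatenated path stores `mallory` with `is_admin` set to 1, while the prepared path stores the full input string as the username with `is_admin` left at 0.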

github-actions[bot] commented 2 months ago

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] commented 1 month ago

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] commented 3 days ago

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.