Closed sedan07 closed 3 years ago
Congratulations on opening your first Pull Request, this is a momentous day for you and us! :sparkles: To help us out, please make sure that you've followed the below:
Hooray! Your first Pull Request was merged, here's to many more :rocket:
Great, thanks!
Hi, this commit is also a security patch, which is fix a SQL injection vulnerability.
I have sent a detail to you, release a new security advisories please.
Currently if you use the search feature of the API along with pagination, specifying the page you want (
page
param) Cachet throws a 500 error as it addspage
and value you gave the param as a WHERE clause, even though the table in question doesn't have apage
column.Broken:
/api/v1/incidents?per_page=6&page=1&status=3
Works:/api/v1/incidents?per_page=6&page=1
Works:/api/v1/incidents?per_page=6&status=1
Works:/api/v1/incidents?status=1