Open ghost opened 3 years ago
Hi,
Hope you are all well!
I wanted to use phpgrep to check if my PrestaShop code is missing some escaping function for any SQL statement.
For example, in this commit https://github.com/PrestaShop/PrestaShop/commit/3fa0dfa5a8f4b149c7c90b948a12b4f5999a5ef8, you can see that the pSQL and (int) functions are missing.
Is it possible to grep a list of all "Db::getInstance()" and check if the variables are escaped or cast?
Thanks for any insights or inputs on that :-)
Cheers, Luc Michalski
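
A rough form of the check asked about above, as an added example that is not part of the original issue and does not use phpgrep: a Python heuristic that lists variables inside `Db::getInstance()` calls that are neither wrapped in `pSQL()` nor cast with `(int)`. The function name, the regexes and the sample PHP are constructed for illustration.

```python
import re

# A Db::getInstance(...)->method( ... ); statement; group 1 is the argument text.
# Heuristic: the statement is assumed to end at the first ");".
CALL_RE = re.compile(r"Db::getInstance\([^)]*\)\s*->\s*\w+\s*\((.*?)\)\s*;", re.S)

# A PHP variable (with optional ->prop or [index] suffixes), optionally
# preceded directly by one of the two guards named in the issue.
VAR_RE = re.compile(
    r"(?P<guard>pSQL\(\s*|\(int\)\s*)?(?P<var>\$\w+(?:->\w+|\[[^\]]*\])*)"
)

# Constructed sample: the first query concatenates raw variables,
# the second applies (int) and pSQL().
SAMPLE = r'''<?php
$rows = Db::getInstance()->executeS(
    'SELECT * FROM ' . _DB_PREFIX_ . 'orders WHERE id_customer = ' . $id_customer
    . ' AND reference = "' . $reference . '"');
$ok = Db::getInstance()->getValue(
    'SELECT id_order FROM ' . _DB_PREFIX_ . 'orders WHERE id_customer = ' . (int) $id_customer
    . ' AND reference = "' . pSQL($reference) . '"');
'''


def find_unescaped(php_source):
    """Return (line, variable) pairs for unguarded variables in Db calls.

    Limits of the heuristic: a query built in a variable beforehand
    (execute($sql)) is reported as '$sql' and needs manual tracing, and
    only a guard placed immediately before the variable is recognised.
    """
    findings = []
    for call in CALL_RE.finditer(php_source):
        # Line number of the start of the Db::getInstance() statement.
        line = php_source.count("\n", 0, call.start()) + 1
        for m in VAR_RE.finditer(call.group(1)):
            if m.group("guard") is None:
                findings.append((line, m.group("var")))
    return findings


if __name__ == "__main__":
    for line, var in find_unescaped(SAMPLE):
        print(f"line {line}: {var} reaches the query without pSQL() or (int)")
```

Each finding is a prompt for review, not proof of an injection: the variable may have been validated earlier in the function.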