Hi,
After some security tests carried out on my site (developed in OJS 3.3.0-11), one of the vulnerabilities detected was that SQL injection is possible.
Payload Used: 0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z
How can i solve this problem?
Please don’t disclose potential security issues on the public forum; see ojs/SECURITY.md at main · pkp/ojs · GitHub
-Roger
PKP Team
See:
Regards,
Alec Smecher
Public Knowledge Project Team
I am facing this problem; what can be fixed?
Old code:
    function getByUsername($username, $allowDisabled = true) {
        $result = $this->retrieve(
            'SELECT * FROM users WHERE username = ?' . ($allowDisabled ? '' : ' AND disabled = 0'),
            array($username)
        );
        $row = (array) $result->current();
        return $row ? $this->_returnUserFromRowWithData($row) : null;
    }
I replaced it with the code below, but it did not work for me. Any suggestions?
    function getByUsername($username, $allowDisabled = true) {
        // Opens a separate PDO connection with its own hard-coded credentials
        $pdo = new PDO("mysql:host=localhost;dbname=example", "root", "testdb", array(PDO::ATTR_PERSISTENT => true));
        $sql = 'SELECT * FROM users WHERE username = ?' . ($allowDisabled ? '' : ' AND disabled = 0');
        $stmt = $pdo->prepare($sql);
        // Bind the username to the ? placeholder as a string parameter
        $stmt->bindParam(1, $username, PDO::PARAM_STR);
        // Execute the query
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $stmt->closeCursor();
        $pdo = null;
        return $row ? $this->_returnUserFromRowWithData($row) : null;
    }
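As an added example (not code from this thread and not OJS code), the following Python script with the standard-library sqlite3 module shows the difference between the two patterns above. The original getByUsername() already passes the username as a bound parameter to a ? placeholder, which is the same thing the PDO rewrite does; the rewrite only changes which connection is used (a second, hard-coded one instead of the OJS-configured database connection). What the reported payload exploits is the other pattern, where the username is concatenated into the SQL text: the first quote in the payload closes the string literal and the remainder is parsed as SQL. SQLite does not know XOR/if()/sleep(), so it raises a parse error where MySQL would pause for 15 seconds, but in both engines the payload has reached the parser. The table and rows are constructed sample data.

```python
import sqlite3

# The time-based blind probe quoted in the report (MySQL syntax). The second
# quote, before Z, re-balances the string literal so the statement still parses.
PAYLOAD = "0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z"


def build_query_unsafe(username: str) -> str:
    """Vulnerable pattern: untrusted input spliced into the SQL text.

    With PAYLOAD the WHERE clause becomes
        username = '0' XOR (if(now()=sysdate(),sleep(15),0)) XOR 'Z'
    so sleep(15) is evaluated by the database instead of being compared as text.
    """
    return "SELECT * FROM users WHERE username = '" + username + "'"


def run_unsafe(conn: sqlite3.Connection, username: str):
    """Run the concatenated query; return the rows, or the error the parser raised.

    SQLite has no XOR operator and no if()/now()/sysdate()/sleep() functions, so
    it fails with OperationalError. MySQL accepts the same text and stalls.
    """
    try:
        return conn.execute(build_query_unsafe(username)).fetchall()
    except sqlite3.OperationalError as exc:
        return exc


def get_by_username(conn: sqlite3.Connection, username: str, allow_disabled: bool = True):
    """Safe pattern, same shape as the OJS getByUsername() above:
    a ? placeholder and the value passed separately as a parameter."""
    sql = "SELECT * FROM users WHERE username = ?" + ("" if allow_disabled else " AND disabled = 0")
    row = conn.execute(sql, (username,)).fetchone()
    return dict(row) if row else None


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory sample data. The third user's name IS the payload,
    to show that a bound parameter matches it only as a literal string."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute(
        "CREATE TABLE users ("
        " user_id INTEGER PRIMARY KEY,"
        " username TEXT NOT NULL UNIQUE,"
        " disabled INTEGER NOT NULL DEFAULT 0)"
    )
    conn.executemany(
        "INSERT INTO users (username, disabled) VALUES (?, ?)",
        [("admin", 0), ("reviewer1", 1), (PAYLOAD, 0)],
    )
    return conn


def demo() -> dict:
    conn = make_demo_db()
    return {
        # The concatenated text, with the injected expression visible in it
        "unsafe_sql": build_query_unsafe(PAYLOAD),
        # True: the payload was parsed as SQL rather than compared as a username
        "unsafe_hits_parser": isinstance(run_unsafe(conn, PAYLOAD), sqlite3.OperationalError),
        # 3: the bound payload matches only the row whose username literally equals it
        "bound_payload_matches_row": get_by_username(conn, PAYLOAD)["user_id"],
        "admin": get_by_username(conn, "admin")["username"],
        # None: the disabled account is filtered out, as in the OJS code
        "disabled_filtered": get_by_username(conn, "reviewer1", allow_disabled=False),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Run it with no arguments; the parameterised lookup returns the payload-named row and nothing else, while the concatenated query never gets past the parser.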
Hi @raju_singh,
It looks like you’re trying to integrate OJS with another system, and I can only provide limited help with that – but can you describe what the modification is supposed to accomplish, and what the current error/problem you’re facing is?
Regards,
Alec Smecher
Public Knowledge Project Team
Thank you for the reply. I want to allow only - and _ in usernames; all other special characters are to be removed. Where should I make the changes? Please suggest.
Hi @raju_singh,
I see you’ve already posted this as a new topic; it’s not related to this one, so I’ll close this one in favour of the other. In the future, it’s best to choose just a single place to post each question.
Thanks,
Alec Smecher
Public Knowledge Project Team