Automatically closed - issue fixed for 2 weeks with no activity.
Follow-up to #2388255: (followup) Limit PDO MySQL to executing single statements if PHP supports it β
One of the reasons for the severity of https://www.drupal.org/SA-CORE-2014-005 β was the fact the PDO MySQL allows multiple statements to be executed.
This affects all database drivers, not just MySQL
Check all SQL strings and throw an exception if a delimiter is present. This should not cause any problems if all user data is interpolated via placeholders.
n/a
better DB security
Fixed
8.0 β°οΈ
database system
It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Automatically closed - issue fixed for 2 weeks with no activity.