Search term is not sanitized

Created on 8 April 2018, about 7 years ago

Updated 29 April 2025, 2 months ago

The search term is used as is in an sql query, which leads to SQL injections.
Please see https://www.drupal.org/docs/8/security/secure-database-queries →

Also, the results should be restricted per user. It shouldn't allow user A to see user B's files.

🐛 Bug report

Status

Needs review

Version

1.0

Component

Code

Created by

ufku

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment 2 months ago →
🇱🇹Lithuania k-l
Attaching patch for v2.0 version. Also Changed to use entity query instead of simple select.

Production build 0.71.5 2024