View date parameter is not cleaned

Created on 10 May 2023, over 1 year ago

Updated 15 May 2023, over 1 year ago

Problem/Motivation

Exception: Failed to parse time string ((select*from(select+sleep(0)union/**/select+1)a)) at position 0 ((): The timezone could not be found in the database in DateTime->__construct() (line 63 of /xxxxxx/web/modules/contrib/date_pager/src/PagerDate.php).

Steps to reproduce

?date=%28select%2Afrom%28select%2Bsleep%280%29union/%2A%2A/select%2B1%29a%29

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report

Status

Fixed

Version

2.0

Component

Code

Created by

🇩🇪Germany sleitner

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @sleitner
Comment over 1 year ago →
🇩🇪Germany sleitner
Status changed to Needs review over 1 year ago11:07pm 10 May 2023
Comment over 1 year ago →
🇩🇪Germany sleitner
Status changed to Fixed over 1 year ago4:56pm 15 May 2023
Comment over 1 year ago →
🇩🇪Germany Kate Heinlein Berlin
Thanks @sleitner!
Committed in 2.0.x-dev
Status changed to Fixed over 1 year ago4:58pm 15 May 2023
Comment over 1 year ago →
🇩🇪Germany Kate Heinlein Berlin

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024