Hey everyone!

If you're using acts_as_taggable <= 1.04, (erm, any version, I think..) please fix your local copy right now! There are numerous SQL sanitization holes in this library.

I notified Obie of this over a month ago, so hopefully he's fixed it.

How to tell if you're vulnerable
================================
Make a tag with a single quote in it. See if it raises an error.
Now, go delete your entire database.

How to fix
==========
Add/change the last line of split_tag_names:

  tag_names = tag_names.flatten.map { |name|
    ActiveRecord::Base.connection.quote_string(name.strip)
  }.uniq.compact

-- Remember to restart your app.

court3nay

http://caboo.se :: we like big fonts and yellow highlighting
http://habtm.com :: personal codelog
http://placelist.com :: just like all the cool kids
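The "make a tag with a single quote" check and the quote_string fix from the post, worked through in plain Ruby with no database. This is an added example, not code from the post or from the acts_as_taggable plugin: `quote_string` here is a stand-in for `ActiveRecord::Base.connection.quote_string` on a backslash-escaping adapter, the `split_tag_names(*tag_names)` signature and the `tags_query`, `sql_literals` and `round_trips?` helpers are assumptions made for the demonstration, and `tags_query` models the plugin-era habit of dropping names straight into an `IN (...)` list, which is the pattern that makes the escaping necessary in the first place.

```ruby
# Added example, not code from the original post or from the acts_as_taggable
# plugin. Pure Ruby, no database: a small stand-in plays the role of
# ActiveRecord::Base.connection.quote_string so the shape of the fix, and the
# "tag with a single quote" check from the post, can be exercised offline.

# Stand-in for connection.quote_string on a backslash-escaping adapter such as
# MySQL: a backslash is placed before each quote and backslash. (Assumption:
# real adapters differ, e.g. standard SQL doubles the quote instead.)
def quote_string(str)
  str.gsub(/['\\]/) { |c| "\\#{c}" }
end

# Model of the unsanitised split_tag_names: flatten, trim, de-duplicate, and
# hand the raw names straight on to be interpolated into SQL.
def split_tag_names_unsafe(*tag_names)
  tag_names.flatten.compact.map(&:strip).uniq
end

# The fix from the post, with the block variable corrected (`name`, not
# `tag.name`) and the stray `}` removed. compact runs before map so a nil
# entry cannot blow up on nil.strip.
def split_tag_names(*tag_names)
  tag_names.flatten.compact.map { |name| quote_string(name.strip) }.uniq
end

# How a plugin of that era consumed the result: each name dropped between
# single quotes in an IN (...) list. This is the vulnerable pattern; the
# sanitisation above exists only because of it.
def tags_query(names)
  list = names.map { |n| "'#{n}'" }.join(", ")
  "SELECT * FROM tags WHERE name IN (#{list})"
end

# Minimal reader of the single-quoted literals in a statement, honouring
# backslash escapes. Returns the decoded literals, or nil when a literal is
# never closed (what a real database would reject as a syntax error).
def sql_literals(sql)
  literals = []
  i = 0
  while i < sql.size
    if sql[i] == "'"
      buf = +""
      i += 1
      while i < sql.size && sql[i] != "'"
        i += 1 if sql[i] == "\\" && i + 1 < sql.size # take the escaped char
        buf << sql[i]
        i += 1
      end
      return nil if i >= sql.size # ran off the end inside a literal
      literals << buf
    end
    i += 1
  end
  literals
end

# The post's check, made mechanical: do the names survive the trip into SQL
# and back out unchanged? If not, the quote in the tag has ended the literal
# early and the rest of the name is being read as SQL.
def round_trips?(raw_names, prepared_names)
  sql_literals(tags_query(prepared_names)) == raw_names.map(&:strip)
end

if __FILE__ == $PROGRAM_NAME
  name = "O'Reilly"
  puts tags_query(split_tag_names_unsafe(name))
  puts "unsafe round-trips: #{round_trips?([name], split_tag_names_unsafe(name))}"
  puts tags_query(split_tag_names(name))
  puts "fixed round-trips:  #{round_trips?([name], split_tag_names(name))}"
end
```

Running it prints the unsanitised statement with its dangling quote (`IN ('O'Reilly')`, which `sql_literals` refuses to parse), then the escaped form that decodes back to exactly the tag that was entered. One caveat for anyone patching a copy: `quote_string` only escapes for the adapter it came from, and it only helps if every caller remembers to wrap the quotes around the result. The sturdier fix in Rails of that generation was to stop building the literal at all and pass the names through a conditions array such as `["name IN (?)", tag_names]`, so the database driver does the quoting.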
" http://caboo.se :: we like big fonts and yellow highlighting "

Ha! This killed me...

Courtenay wrote:
> Hey everyone!
>
> If you're using acts_as_taggable <= 1.04, (erm, any version, I
> think..) please fix your local copy right now! There are numerous SQL
> sanitization holes in this library.
>
> I notified Obie of this over a month ago, so hopefully he's fixed it.
>
> How to tell if you're vulnerable
> ================================
> Make a tag with a single quote in it. See if it raises an error.
> Now, go delete your entire database.
>
> How to fix
> ==========
> Add/change the last line of split_tag_names:
>
>   tag_names = tag_names.flatten.map { |name|
>     ActiveRecord::Base.connection.quote_string(name.strip)
>   }.uniq.compact
>
> -- Remember to restart your app.
>
> court3nay
>
> http://caboo.se :: we like big fonts and yellow highlighting
> http://habtm.com :: personal codelog
> http://placelist.com :: just like all the cool kids
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails