Fixed multiply where cluese in db_pager and two other implode vulnerabilities.

author Janusz Dobrowolski <janusz@frontaccounting.eu>

Thu, 11 Nov 2010 10:00:07 +0000 (10:00 +0000)

committer Janusz Dobrowolski <janusz@frontaccounting.eu>

Thu, 11 Nov 2010 10:00:07 +0000 (10:00 +0000)
author Janusz Dobrowolski <janusz@frontaccounting.eu>
Thu, 11 Nov 2010 10:00:07 +0000 (10:00 +0000)
committer Janusz Dobrowolski <janusz@frontaccounting.eu>
Thu, 11 Nov 2010 10:00:07 +0000 (10:00 +0000)
diff --git a/CHANGELOG.txt b/CHANGELOG.txt

index 8d4bf60a95d4ada06a04a8efc21811db1fa2bab1..77f65cc327fc81f63468236935b05fef1e02f7eb 100644 (file)
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -19,6 +19,13 @@ Legend:
  ! -> Note
  $ -> Affected files
  
+11-Nov-2010 Janusz Dobrowolski
+# Fixed slq_gen for multiply extra wghere clauses
+$ /includes/db_pager.inc
+# Fixed implode injection vulnerabilities.
+$ /includes/db/crm_contacts_db.inc
+  /sales/includes/db/cust_trans_details_db.inc
+
  10-Nov-2010 Janusz Dobrowolski
  # Additional fix for setting local_path_to_root in find_custom_file()
  $ /includes/main.inc
@@ -273,7 +280,7 @@ $ /purchasing/includes/supp_trans_class.inc
    /purchasing/view/view_supp_credit.php
    /gl/includes/db/gl_db_trans.inc
  
-06-Oct-2010 Jusz Dobrowolski
+06-Oct-2010 Janusz Dobrowolski
  # Fixed gettext for extension links.
  $ /reporting/includes/reports_classes.inc
  ! Added helper for gettext domain switching
author	Janusz Dobrowolski <janusz@frontaccounting.eu>
	Thu, 11 Nov 2010 10:00:07 +0000 (10:00 +0000)
committer	Janusz Dobrowolski <janusz@frontaccounting.eu>
	Thu, 11 Nov 2010 10:00:07 +0000 (10:00 +0000)