Commit Graph

6 Commits

Author SHA1 Message Date
Joshua Wise
3fb2c06cba Potential SQL injection in Local_group::setNickname()
This change escapes a parameter in Local_group::setNickname(). Review
of the code paths that call this function sanitize the parameter
higher up the stack, but it's escaped here to prevent mistakes later.

Note that nickname parameters are normally alphanum strings, so
there's not much danger in double-escaping them.
2013-07-16 10:11:26 -07:00
Evan Prodromou
9ca3c3d1c3 move core schema to class files 2011-08-22 17:52:02 -04:00
Siebrand Mazeland
5813ecada2 * add translator documentation
* mark strings for translation
* add FIXME for unclear/confusing message
2010-07-29 13:01:04 +02:00
Evan Prodromou
e6858d7203 modify group actions so they use Local_group to look up by nickname 2010-02-25 08:44:15 -05:00
Evan Prodromou
68a10970f9 fixup exe bits 2010-02-24 23:30:14 -05:00
Evan Prodromou
bd68154772 Make user_group able to handle remote groups
We add a local_group table to store data about local groups. It has
the unique key for nickname, so /group/<nickname> looks up here.

Updated DB data object classes and data files.
2010-02-24 23:28:41 -05:00