This repository was archived by the owner on May 16, 2018. It is now read-only.
Security Updates
- ZF2016-03: The implementation of `ORDER BY` and `GROUP BY` in `Zend_Db_Select` remained prone to SQL injection when a combination of SQL expressions and comments was used. This release provides a comprehensive solution that identifies and removes comments prior to checking the validity of the statement, to ensure no SQLi vectors occur. However, we still advise always filtering user input prior to invoking these methods, to further protect your applications.
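
One way to apply the input-filtering advice above is an allowlist that maps request values to fixed column strings before they reach `order()` or `group()`. This is an added example, not code from Zend Framework or this release; the `users` table, the column map, the request keys and all function names are assumptions.

```php
<?php
// Added example, not Zend Framework code. Column map and request keys are assumptions.

/** Public sort keys mapped to real columns (hypothetical "users" schema). */
function allowedColumns()
{
    return array(
        'name'    => 'u.last_name',
        'created' => 'u.created_at',
        'email'   => 'u.email',
    );
}

/** Build an ORDER BY spec from untrusted input using only allowlisted strings. */
function safeOrderSpec($sortKey, $direction, $defaultKey = 'created')
{
    $columns = allowedColumns();
    if (!is_string($sortKey) || !isset($columns[$sortKey])) {
        $sortKey = $defaultKey;            // unknown or non-string key: use default
    }
    $desc = is_string($direction) && strtoupper($direction) === 'DESC';
    return $columns[$sortKey] . ($desc ? ' DESC' : ' ASC');
}

/** Return the allowlisted GROUP BY column, or null when the key is not recognised. */
function safeGroupColumn($groupKey)
{
    $columns = allowedColumns();
    return (is_string($groupKey) && isset($columns[$groupKey])) ? $columns[$groupKey] : null;
}

/** $db is a Zend_Db_Adapter_Abstract; $params is the raw request array. */
function buildUserSelect($db, array $params)
{
    $sort = isset($params['sort']) ? $params['sort'] : null;
    $dir  = isset($params['dir'])  ? $params['dir']  : null;

    // Only strings taken from allowedColumns() plus ASC/DESC reach order().
    return $db->select()
        ->from(array('u' => 'users'))
        ->order(safeOrderSpec($sort, $dir));
}

// Constructed inputs: a valid key, an unlisted key, a non-string value.
foreach (array('email', 'password /* x */', array('name')) as $input) {
    echo safeOrderSpec($input, 'desc'), PHP_EOL;
}
```

The value returned by `safeGroupColumn()` is passed to `$select->group()` in the same way, and a `null` result means the request asked for a grouping the application does not offer.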