SQL injection using length input #3141
Comments
Thanks for reporting, I think this is already fixed in versions 10 & 11 as it ensures that

```php
public function length(): int
{
    $length = $this->request->input('length', 10);

    return is_numeric($length) ? intval($length) : 10;
}
```

Please upgrade to at least 10.x version.
If you can't upgrade for some reason, feel free to submit a PR to the
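An added example, not code from the package or from anyone in this thread: the check quoted above run next to a hypothetical stricter `strictLength()` over constructed inputs, showing which values `is_numeric()` lets through to `intval()`. The function names, the default of 10 and the cap of 500 are assumptions.

```php
<?php
declare(strict_types=1);

// The check quoted in the comment above, as a free function (PHP 8+).
function pageCheck(mixed $length): int
{
    return is_numeric($length) ? intval($length) : 10;
}

// Hypothetical stricter variant: decimal digits only, bounded to 1..$max.
// The name, the default and the cap of 500 are assumptions for this example.
function strictLength(mixed $length, int $default = 10, int $max = 500): int
{
    if (!is_string($length) && !is_int($length)) {
        return $default;                  // arrays, null, floats, bools
    }
    if (preg_match('/\A\d{1,9}\z/', (string) $length) !== 1) {
        return $default;                  // signs, exponents, spaces, SQL text
    }
    // Either way the value is an int before it can reach a LIMIT clause.
    return max(1, min((int) $length, $max));
}

// Constructed sample inputs, as they might arrive in the "length" parameter.
$samples = ['25', '10; SELECT 1', '1e3', '10.5', ' 10', '-1', '999999999', ['25'], null];

foreach ($samples as $raw) {
    printf(
        "%-16s pageCheck=%-12d strictLength=%d\n",
        json_encode($raw),
        pageCheck($raw),
        strictLength($raw)
    );
}
```

Both functions return an integer for every input, so neither passes SQL text through; the stricter variant additionally bounds the page size and falls back to the default for `-1`, exponent and fractional forms.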
@yajra Are there any breaking changes when we upgrade to 10.x version? I'm currently using Laravel 8. And I also noticed that the website documentation is down.
The docs site is fixed. I think there is not much breaking change from 9.x to 10.x and 11.x.
This issue is stale because it has been open for 30 days with no activity. Remove stale label or comment or this will be closed in 7 days.
Summary of problem or feature request
So my friends are using this package and it seems like someone has been using SQL injection on them.
After tons of investigation and using Telescope to see what's going on, it seems like the length input isn't validated as numeric at all.
Code snippet of problem
System details