Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Dirk Maes 6 posts 26 karma points
    Feb 21, 2014 @ 12:01
    Dirk Maes
    0

    Umbraco 6.1.2 ~ SQL Injection oh noez!

    When you try to create a new Node in the content tree and you put an '@' in the name (@test), you get the following exception.

    Parameter '@TEST' specified but none of the passed arguments have a property with this name (in 'WHERE ([umbracoNode].[parentID] = 1070 AND upper([umbracoNode].[text]) like '@TEST%')')

     

    Exception Details: System.ArgumentException: Parameter '@TEST' specified but none of the passed arguments have a property with this name (in 'WHERE ([umbracoNode].[parentID] = 1070 AND upper([umbracoNode].[text]) like '@TEST%')')

    ...

    This doesn't seem very safe, what do you think? :-)

  • Karlo Medallo 14 posts 36 karma points
    Feb 24, 2014 @ 12:55
    Karlo Medallo
    0

    Hah! This could be related to the problem I'm having now on 6.1.6. When I Delete or Move Contents with nodes having "@" sign, I get the same Exception

  • This forum is in read-only mode while we transition to the new forum.

    You can continue this topic on the new forum by tapping the "Continue discussion" link below.

Please Sign in or register to post replies