When you try to create a new Node in the content tree and you put an '@' in the name (@test), you get the following exception.
Parameter '@TEST' specified but none of the passed arguments have a property with this name (in 'WHERE ([umbracoNode].[parentID] = 1070 AND upper([umbracoNode].[text]) like '@TEST%')')
Exception Details: System.ArgumentException: Parameter '@TEST' specified but none of the passed arguments have a property with this name (in 'WHERE ([umbracoNode].[parentID] = 1070 AND upper([umbracoNode].[text]) like '@TEST%')')
...
This doesn't seem very safe, what do you think? :-)
Umbraco 6.1.2 ~ SQL Injection oh noez!
When you try to create a new Node in the content tree and you put an '@' in the name (@test), you get the following exception.
Parameter '@TEST' specified but none of the passed arguments have a property with this name (in 'WHERE ([umbracoNode].[parentID] = 1070 AND upper([umbracoNode].[text]) like '@TEST%')')
Exception Details: System.ArgumentException: Parameter '@TEST' specified but none of the passed arguments have a property with this name (in 'WHERE ([umbracoNode].[parentID] = 1070 AND upper([umbracoNode].[text]) like '@TEST%')')
...
This doesn't seem very safe, what do you think? :-)
Hah! This could be related to the problem I'm having now on 6.1.6. When I Delete or Move Contents with nodes having "@" sign, I get the same Exception
is working on a reply...