Learning/mRemoteNG
1
0
Fork 0
mirror of https://github.com/mRemoteNG/mRemoteNG.git synced 2026-02-17 22:11:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix SQL injection in SqlConnectionsSaver UpdateUpdatesTable method

Browse Source 
Co-authored-by: Kvarkas <3611964+Kvarkas@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2025-10-18 20:33:47 +00:00
parent 6403573e36
commit 5e2fc8b0dc
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
mRemoteNG/Config/Connections/SqlConnectionsSaver.cs
View File

@@ -168,7 +168,13 @@ namespace mRemoteNG.Config.Connections
// TODO: use transaction
System.Data.Common.DbCommand dbQuery = databaseConnector.DbCommand("TRUNCATE TABLE tblUpdate");
dbQuery.ExecuteNonQuery();
dbQuery = databaseConnector.DbCommand("INSERT INTO tblUpdate (LastUpdate) VALUES('" + MiscTools.DBDate(DateTime.Now.ToUniversalTime()) + "')");
dbQuery = databaseConnector.DbCommand("INSERT INTO tblUpdate (LastUpdate) VALUES(@LastUpdate)");
DbParameter lastUpdateParam = dbQuery.CreateParameter();
lastUpdateParam.ParameterName = "@LastUpdate";
lastUpdateParam.Value = MiscTools.DBTimeStampNow();
dbQuery.Parameters.Add(lastUpdateParam);
dbQuery.ExecuteNonQuery();
}