opensourcepos/app/Models/Item.php at feature/integration-tests

mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-06-16 11:30:02 -04:00

Files

Ollama 52b0a83190 Fix SQL injection in custom attribute search

Parameterize LIKE queries in HAVING clause to prevent SQL injection
when search_custom filter is enabled. Also sanitize search parameter
input at controller level for defense-in-depth.

Fixes vulnerability where user input was directly interpolated into
SQL queries without sanitization.

2026-03-07 19:10:42 +01:00

42 KiB

Raw Permalink Blame History

View Raw

42 KiB Raw Permalink Blame History

42 KiB

Raw Permalink Blame History