fix for SQL Injection in xhrGetFoodsaver
What does this MR do?
There is an SQL Injection possibility with FoodsaverGateway::xhrGetFoodsaver(), which could have led to a successful hack of fs.de.
@NerdyProjects will confirm soon that there was no usage of that in the past.
How confident are you it won't break things if deployed?
A portion of the method (filtering by bid) got removed, which seems unused. But yeah, you can never know... ;)
Checklist
- added a test, or explain why one is not needed/possible...
- no unrelated changes
- asked someone for a code review
- joined #foodsharing-beta channel at https://slackin.yunity.org
- added an entry to CHANGELOG.md (description, merge request link, username(s))
Edited by Chris Oelmueller