Conversation

danardf

@danardf danardf commented Sep 9, 2025

I modernized this old module, which has been ugly for a long time. Now it looks better.

@chrsmj
Member

chrsmj commented Sep 9, 2025

This appears to be AI-generated and contains multiple potential SQL injection errors.

@chrsmj chrsmj self-assigned this Sep 9, 2025
@danardf
Author

danardf commented Sep 9, 2025

@chrsmj
Hi.
Yes, I played with Claude 4 for fun. I don't hide this fact. I wanted to test it and see if it was correct to use it. ;)

Can you give me an example just to check?

It's just to see if Claude is able to fix it.
I saw some issues with a direct injection too.

@chrsmj
Member

chrsmj commented Sep 9, 2025

No, I am not going to debug your AI-generated code.

@danardf
Author

danardf commented Sep 9, 2025

Well. As you like.
"I know there is a bug, but I don't want to help you."
That's your mindset. I see you are nice, indeed.
Whatever. I saw some. Don't worry. ;)

@chrsmj
Member

chrsmj commented Sep 9, 2025

Are there any unit tests being added?

@mrpbueno

mrpbueno commented Sep 9, 2025

Hey @danardf, just a quick pointer on the SQL injection topic. Check out how $_REQUEST['sort'] is used to build the ORDER BY clause in the new getCdrData function. Directly using request parameters in that part of a query is a common risk. A whitelist for allowed column names is usually the safest approach there. Hope that's a helpful starting point!
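
The allowlist approach suggested above for the `sort` parameter, as an added example that is not part of this thread or of the PR's code. The helper names, the column list, and the `order`, `src` and `limit` parameters are assumptions made for illustration.

```php
<?php
// Added example. Helper names are hypothetical; the column list is an
// assumption based on common Asterisk CDR columns, not the module's schema.

function buildOrderBy(array $request): string
{
    // Request key => real column. Only these identifiers ever reach the SQL text.
    $sortable = ['date' => 'calldate', 'src' => 'src', 'dst' => 'dst', 'duration' => 'duration'];
    $key = $request['sort'] ?? 'date';
    // Non-strings (e.g. sort[]=x) and unknown keys fall back to the default.
    $column = (is_string($key) && array_key_exists($key, $sortable)) ? $sortable[$key] : 'calldate';
    $dir = $request['order'] ?? 'desc';
    $dir = (is_string($dir) && strtolower($dir) === 'asc') ? 'ASC' : 'DESC';
    return "ORDER BY $column $dir";
}

function fetchCdr(PDO $db, array $request): array
{
    $src = is_string($request['src'] ?? null) ? $request['src'] : '';
    $limit = max(1, min(100, (int)($request['limit'] ?? 25)));
    // Values are bound; identifiers cannot be bound, hence the allowlist above.
    $stmt = $db->prepare(
        'SELECT calldate, src, dst, duration FROM cdr WHERE src LIKE :src '
        . buildOrderBy($request) . ' LIMIT :lim'
    );
    $stmt->bindValue(':src', $src . '%', PDO::PARAM_STR);
    $stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cdr (calldate TEXT, src TEXT, dst TEXT, duration INTEGER)');
$db->exec("INSERT INTO cdr VALUES
    ('2025-09-01 10:00:00', '1001', '2001', 42),
    ('2025-09-02 11:30:00', '1002', '2002', 7),
    ('2025-09-03 09:15:00', '1001', '2003', 120)");

// Constructed requests: a valid sort, then an unexpected sort value and an array.
$requests = [
    ['sort' => 'duration', 'order' => 'asc'],
    ['sort' => 'duration; --', 'order' => 'sideways'],
    ['sort' => ['x'], 'limit' => '2'],
];
foreach ($requests as $r) {
    echo buildOrderBy($r), ' => ', implode(',', array_column(fetchCdr($db, $r), 'duration')), PHP_EOL;
}
```

Because the ORDER BY text is always assembled from the fixed map and the two literal direction keywords, a unit test can assert on the string `buildOrderBy()` returns without needing a database.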

@danardf
Author

danardf commented Sep 10, 2025

@mrpbueno Hi.
Yes, I know. I saw that, indeed.
I did not review the code after it was generated by AI. That's it.
I just trusted it. But I should not, indeed.

@blazestudios97

blazestudios97 commented Sep 10, 2025

> This appears to be AI-generated and contains multiple potential SQL injection errors.

Interestingly, the current Cdr.class.php has the same SQL injection issues. AI didn't seem to create those; Franck just used what already existed. So kudos, you just discovered existing SQL injection issues in the CDR module.

Fixe SQL injections
Add unit test
Fixe SQL injections

Fixe SQL injections
Add unit test
@danardf
Author

danardf commented Sep 11, 2025

I think it's fixed now.
I hope I've fixed everything.

@danardf
Author

danardf commented Sep 16, 2025

Hi.
Feel free to review, guys.

@danardf
Author

danardf commented Oct 3, 2025

@kguptasangoma Hi
No way to be tested?

@kguptasangoma
Member

Hi @danardf, I did not get a chance to look into this one. We need to kick off the QA also.

Thanks
Kapil

@danardf
Author

danardf commented Oct 3, 2025

@kguptasangoma OK, update me ASAP, please.

@kguptasangoma
Member

Maybe we can also ask the community for help to test the PR.

@danardf
Author

danardf commented Oct 3, 2025

As you want.
Lorne tested it quickly, and it looks good to him. It just needs to be tested further.
