The following bug has been SUBMITTED. ====================================================================== http://www.dbmail.org/mantis/bug_view_advanced_page.php?bug_id=0000222 ====================================================================== Reported By: xing Assigned To: ====================================================================== Project: DBMail Bug ID: 222 Category: PIPE delivery (dbmail-smtp) Reproducibility: have not tried Severity: block Priority: normal Status: new ====================================================================== Date Submitted: 21-Jun-05 21:43 CEST Last Modified: 21-Jun-05 21:43 CEST ====================================================================== Summary: Sql not escaped before passing to mysql.. Description: In 2.1.1, it looks like the fromname field of the header caching logic was not properly escaped before been executed by mysql:
Jun 21 12:41:15 mail dbmail/smtp[24115]: dbmysql.c,db_query: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Brien','[EMAIL PROTECTED]')' at line 1] [INSERT INTO dbmail_fromfield (physmessage_id, fromname, fromaddr) VALUES (1742531,'Nicole O'Brien','[EMAIL PROTECTED]')] ====================================================================== Bug History Date Modified Username Field Change ====================================================================== 21-Jun-05 21:43xing New Bug ======================================================================
