On 10.01.2006, at 21:01, Stipe Tolj wrote:

Peter Christensen wrote:

Hi,
I'd like to address a couple of things now that a new Kannel release is near:

1. Some while ago, I reported problems within the dlr_mysql_add function. If the entry->timestamp, entry->source, or entry->url contains some unfortunate characters (most significantly <'>), the SQL query gets broken and the DLRs are wasted. After a while, the first patch was submitted, but as it used mysql_real_escape_string, it would potentially require an additional MySQL connection (or something - don't remember what the exact problem was), so it was not committed, and another patch was promised in the near future. Apparently this patch never came, however, and I see that the current CVS is still not escaping the strings.

correct, I have that escaping version of mysql here and it's scheduled for commit to 1.5.0 devel, since I won't have the time to test it that extensively to ensure stability for 1.4.1 stable.

how about taking a dumb and simple approach and simply escaping all characters to hexadecimal (i.e. \x30 for a 0).
this will always work and not break anything existing.


I could post the patch and let the list confirm via votes that it should or should not go to 1.4.1 stable?

I think it should, it's not a new feature but an important bugfix and not critical to break anything in my eyes.



Andreas Fink
Fink Consulting GmbH

---------------------------------------------------------------
Tel: +41-61-6666332 Fax: +41-61-6666331  Mobile: +41-79-2457333
Address: Clarastrasse 3, 4058 Basel, Switzerland
E-Mail:  [EMAIL PROTECTED]
Homepage: http://www.finkconsulting.com
---------------------------------------------------------------

ICQ: 101946485 MSN: [EMAIL PROTECTED] AIM: smsrelay Skype: andreasfink
Yahoo: finkconsulting SMS: +41792457333
PGP9: 0714 DF2B A189 A760 6201  5CBD D040 3E71 4DAF 68BB
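
An added example, not part of the thread and not Kannel's code, of the encode-every-byte idea discussed above. It uses MySQL's `X'..'` hexadecimal literal instead of the `\x30` form mentioned in the message; the `dlr` table, its `source` and `url` columns, and both function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Encode len bytes of in as a MySQL hexadecimal literal X'..'.
 * Returns the characters written (excluding NUL), or -1 if out is too
 * small. Every byte becomes two hex digits, so a quote, backslash or
 * NUL in the input cannot terminate or alter the literal. */
static int hex_literal(const unsigned char *in, size_t len,
                       char *out, size_t outsz)
{
    static const char digits[] = "0123456789ABCDEF";
    size_t i, o = 0;

    if (outsz < 2 * len + 4)          /* X ' <2 per byte> ' NUL */
        return -1;
    out[o++] = 'X';
    out[o++] = '\'';
    for (i = 0; i < len; i++) {
        out[o++] = digits[in[i] >> 4];
        out[o++] = digits[in[i] & 0x0F];
    }
    out[o++] = '\'';
    out[o] = '\0';
    return (int)o;
}

/* Build an INSERT for a hypothetical dlr(source, url) table.
 * Returns the query length, or -1 if any buffer is too small. */
static int build_dlr_insert(const char *source, const char *url,
                            char *sql, size_t sqlsz)
{
    char src[256], dst[1024];
    int n;

    if (hex_literal((const unsigned char *)source, strlen(source),
                    src, sizeof src) < 0 ||
        hex_literal((const unsigned char *)url, strlen(url),
                    dst, sizeof dst) < 0)
        return -1;
    n = snprintf(sql, sqlsz,
                 "INSERT INTO dlr (source, url) VALUES (%s, %s)", src, dst);
    return (n < 0 || (size_t)n >= sqlsz) ? -1 : n;
}

int main(void)
{
    char sql[2048];
    /* Constructed sample values containing the problematic quote. */
    if (build_dlr_insert("O'Brien", "a'b", sql, sizeof sql) > 0)
        puts(sql);
    return 0;
}
```

Unlike mysql_real_escape_string, this needs no connection handle, and an over-long value is rejected rather than truncated into a broken query.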


