Ok I have tested with the sqlbox.c file patched as below, then tested using CGI interface and a SMS with a quote and it works !
Quote not escaped any more... Thanks to Rene, Alex, and others ... Regards, Emmanuel 2010/6/14 Emmanuel CHANSON <emmanuelchan...@gmail.com> > I have tried to patch the svn source just downloaded but same errors > displayed, sqlbox.c seems to be patched....so > > > > [r...@kannel gw]# patch -p0 sqlbox.c sql-escape.patch > patching file sqlbox.c > patching file sqlbox.c > Hunk #1 FAILED at 82. > 1 out of 1 hunk FAILED -- saving rejects to file sqlbox.c.rej > patching file sqlbox.c > Reversed (or previously applied) patch detected! Assume -R? [n] n > Apply anyway? [n] y > Hunk #1 FAILED at 252. > Hunk #2 FAILED at 269. > Hunk #3 FAILED at 375. > Hunk #4 FAILED at 398. > 4 out of 4 hunks FAILED -- saving rejects to file sqlbox.c.rej > [r...@kannel gw]# > [r...@kannel gw]# > [r...@kannel gw]# cat sqlbox.c.rej > Index: sb-config.h.in > --- sb-config.h.in (revision 28) > +++ sb-config.h.in (working copy) > @@ -82,10 +82,6 @@ > /* Define to 1 if you have the <unistd.h> header file. */ > #undef HAVE_UNISTD_H > > -/* Define to the sub-directory in which libtool stores uninstalled > libraries. > - */ > -#undef LT_OBJDIR > - > /* Name of package */ > #undef PACKAGE > > Index: gw/sqlbox.c > --- gw/sqlbox.c (revision 28) > +++ gw/sqlbox.c (working copy) > @@ -252,7 +252,7 @@ > static void smsbox_to_bearerbox(void *arg) > { > Boxc *conn = arg; > - Msg *msg; > + Msg *msg, *msg_escaped; > > /* remove messages from socket until it is closed */ > while (sqlbox_status != SQL_DEAD && conn->alive) { > @@ -269,7 +269,9 @@ > if (msg_type(msg) == sms) { > debug("sqlbox", 0, "smsbox_to_bearerbox: sms received"); > > - gw_sql_save_msg(msg, octstr_imm("MT")); > + msg_escaped = msg_duplicate(msg); > + gw_sql_save_msg(msg_escaped, octstr_imm("MT")); > + msg_destroy(msg_escaped); > } > > send_msg(conn->bearerbox_connection, conn, msg); > @@ -375,7 +377,7 @@ > > static void bearerbox_to_smsbox(void *arg) > { > - Msg *msg; > + Msg *msg, *msg_escaped; > Boxc *conn = arg; > > while (sqlbox_status != SQL_DEAD && conn->alive) { > @@ -398,10 +400,12 @@ > break; > } > if ((msg_type(msg) == sms) && > (strcmp(octstr_get_cstr(msg->sms.msgdata),"ACK/") != 0)) { > + msg_escaped = msg_duplicate(msg); > if (msg->sms.sms_type != report_mo) > - gw_sql_save_msg(msg, octstr_imm("MO")); > + gw_sql_save_msg(msg_escaped, octstr_imm("MO")); > else > - gw_sql_save_msg(msg, octstr_imm("DLR")); > + gw_sql_save_msg(msg_escaped, octstr_imm("DLR")); > + msg_destroy(msg_escaped); > } > send_msg(conn->smsbox_connection, conn, msg); > msg_destroy(msg); > [r...@kannel gw]# > > > 2010/6/14 Alejandro Guerrieri <aguerri...@kannel.org> > >> svn co https://svn.kannel.org/sqlbox/trunk >> >> Regards, >> -- >> Alejandro Guerrieri >> aguerri...@kannel.org >> >> >> >> On 14/06/2010, at 12:38, Emmanuel CHANSON wrote: >> >> And what is the cvs/svn url for sqlbox? >> >> :) >> >> Emmanuel >> >> 2010/6/14 Alejandro Guerrieri <aguerri...@kannel.org> >> >>> Maybe Renee applied the patch against latest CVS/SVN instead? >>> >>> There's some updates on SVN that are not on 0.7.2. >>> -- >>> Alejandro Guerrieri >>> aguerri...@kannel.org >>> >>> >>> >>> On 14/06/2010, at 12:31, Emmanuel CHANSON wrote: >>> >>> Using "Assume -R" equal to yes it seems the patch is not applied (I >>> checked the sqlbox.c file after and no occurence of msg_escaped for >>> instance). >>> >>> Alex where to downloaded the latest version of sqlbox? The one I got was >>> from your website. >>> BTW I try to apply the patch on the original source I have kept >>> (sqlbox-0.7.2.tar.gz) but I got the same error. >>> >>> BR, >>> >>> Emmanuel >>> >>> 2010/6/14 Tomasz <ad...@impexrur.pl> >>> >>>> Hi, >>>> >>>> Try to use -R option with path or press "y" when "Assume -R? [n]" >>>> displays. >>>> >>>> Regards, >>>> Tomasz >>>> >>>> W Twoim liście datowanym 14 czerwca 2010 (11:46:40) można przeczytać: >>>> >>>> > Hello Rene, >>>> >>>> > Trying to patch gw/sqlbox.c I got this error, is it an issue? >>>> >>>> > [r...@kannel gw]# patch -p0 sqlbox.c sql-escape.patch >>>> > patching file sqlbox.c >>>> > patching file sqlbox.c >>>> > Hunk #1 FAILED at 82. >>>> > 1 out of 1 hunk FAILED -- saving rejects to file sqlbox.c.rej >>>> > patching file sqlbox.c >>>> > Reversed (or previously applied) patch detected! Assume -R? [n] n >>>> > Apply anyway? [n] y >>>> > Hunk #1 FAILED at 252. >>>> > Hunk #2 FAILED at 269. >>>> > Hunk #3 FAILED at 375. >>>> > Hunk #4 FAILED at 398. >>>> > 4 out of 4 hunks FAILED -- saving rejects to file sqlbox.c.rej >>>> > [r...@kannel gw]# >>>> >>>> >>>> >>>> >>>> > [r...@kannel gw]# cat sqlbox.c.rej >>>> > Index: sb-config.h.in >>>> > --- sb-config.h.in (revision 28) >>>> > +++ sb-config.h.in (working copy) >>>> > @@ -82,10 +82,6 @@ >>>> > /* Define to 1 if you have the <unistd.h> header file. */ >>>> > #undef HAVE_UNISTD_H >>>> >>>> > -/* Define to the sub-directory in which libtool stores uninstalled >>>> > libraries. >>>> > - */ >>>> > -#undef LT_OBJDIR >>>> > - >>>> > /* Name of package */ >>>> > #undef PACKAGE >>>> >>>> > Index: gw/sqlbox.c >>>> > --- gw/sqlbox.c (revision 28) >>>> > +++ gw/sqlbox.c (working copy) >>>> > @@ -252,7 +252,7 @@ >>>> > static void smsbox_to_bearerbox(void *arg) >>>> > { >>>> > Boxc *conn = arg; >>>> > - Msg *msg; >>>> > + Msg *msg, *msg_escaped; >>>> >>>> > /* remove messages from socket until it is closed */ >>>> > while (sqlbox_status != SQL_DEAD && conn->alive) { >>>> > @@ -269,7 +269,9 @@ >>>> > if (msg_type(msg) == sms) { >>>> > debug("sqlbox", 0, "smsbox_to_bearerbox: sms received"); >>>> >>>> > - gw_sql_save_msg(msg, octstr_imm("MT")); >>>> > + msg_escaped = msg_duplicate(msg); >>>> > + gw_sql_save_msg(msg_escaped, octstr_imm("MT")); >>>> > + msg_destroy(msg_escaped); >>>> > } >>>> >>>> > send_msg(conn->bearerbox_connection, conn, msg); >>>> > @@ -375,7 +377,7 @@ >>>> >>>> > static void bearerbox_to_smsbox(void *arg) >>>> > { >>>> > - Msg *msg; >>>> > + Msg *msg, *msg_escaped; >>>> > Boxc *conn = arg; >>>> >>>> > while (sqlbox_status != SQL_DEAD && conn->alive) { >>>> > @@ -398,10 +400,12 @@ >>>> > break; >>>> > } >>>> > if ((msg_type(msg) == sms) && >>>> > (strcmp(octstr_get_cstr(msg->sms.msgdata),"ACK/") != 0)) { >>>> > + msg_escaped = msg_duplicate(msg); >>>> > if (msg->sms.sms_type != report_mo) >>>> > - gw_sql_save_msg(msg, octstr_imm("MO")); >>>> > + gw_sql_save_msg(msg_escaped, octstr_imm("MO")); >>>> > else >>>> > - gw_sql_save_msg(msg, octstr_imm("DLR")); >>>> > + gw_sql_save_msg(msg_escaped, octstr_imm("DLR")); >>>> > + msg_destroy(msg_escaped); >>>> > } >>>> > send_msg(conn->smsbox_connection, conn, msg); >>>> > msg_destroy(msg); >>>> > [r...@kannel gw]# >>>> >>>> > Regards, >>>> >>>> > Emmanuel >>>> >>>> >>>> >>>> > 2010/6/13 Rene Kluwen <rene.klu...@chimit.nl> >>>> >>>> >> msg_duplicate is the normal function from msg.h. No special meaning. >>>> >> >>>> >> What happens is that gw_sql_save has a side effect. It escapes all >>>> text >>>> >> strings with a backslash before the "'" sign because it displays them >>>> in >>>> >> the >>>> >> INSERT INTO... statement in the database. >>>> >> When I designed the function I was under the impression that it >>>> escaped the >>>> >> strings in a copy... But apparently it doesn't. >>>> >> >>>> >> What happens in the "old" version is that gw_sql_save_msg escapes the >>>> >> strings inline and later it does a "send_msg(conn->smsbox_connection, >>>> conn, >>>> >> msg)" with the same message... which has a backslash in front of the >>>> "'". >>>> >> >>>> >> By duplicating the message before calling the gw_sql_save_msg, this >>>> >> behavior >>>> >> is eliminated. >>>> >> >>>> >> Someone on the mailinglist (Tomasz) has already confirmed that the >>>> problem >>>> >> has been solved with this patch. >>>> >> >>>> >> == Rene >>>> >> >>>> >> >>>> >> >>>> >> -----Original Message----- >>>> >> From: Alejandro Guerrieri [mailto:aguerri...@kannel.org] >>>> >> Sent: vrijdag 11 juni 2010 23:52 >>>> >> To: Rene Kluwen >>>> >> Cc: 'Tomasz'; 'Kannel list'; de...@kannel.org >>>> >> Subject: Re: [PATCH] RE: Messages with php stripslashes >>>> >> >>>> >> + msg_escaped = msg_duplicate(msg); >>>> >> if (msg->sms.sms_type != report_mo) >>>> >> - gw_sql_save_msg(msg, octstr_imm("MO")); >>>> >> + gw_sql_save_msg(msg_escaped, octstr_imm("MO")); >>>> >> else >>>> >> - gw_sql_save_msg(msg, octstr_imm("DLR")); >>>> >> + gw_sql_save_msg(msg_escaped, octstr_imm("DLR")); >>>> >> + msg_destroy(msg_escaped); >>>> >> >>>> >> and >>>> >> >>>> >> - gw_sql_save_msg(msg, octstr_imm("MT")); >>>> >> + msg_escaped = msg_duplicate(msg); >>>> >> + gw_sql_save_msg(msg_escaped, octstr_imm("MT")); >>>> >> + msg_destroy(msg_escaped); >>>> >> >>>> >> (and other similar lines) >>>> >> >>>> >> You're duplicating the msg to msg_escaped and then running the same >>>> >> gw_sql_save_msg function? What difference does it make? >>>> >> >>>> >> Or maybe msg_duplicate does some escaping magic I'm not aware of? If >>>> >> msg_duplicate does what the name says, I don't see what's changed. >>>> >> >>>> >> Regards, >>>> >> >>>> >> Alex >>>> >> -- >>>> >> Alejandro Guerrieri >>>> >> aguerri...@kannel.org >>>> >> >>>> >> >>>> >> >>>> >> On 11/06/2010, at 23:25, Rene Kluwen wrote: >>>> >> >>>> >> > Sorry for crossposting. But I think the users are allowed to know >>>> what is >>>> >> > going on, even if this is a developers matter. >>>> >> > >>>> >> > I think I found the solution to the problem below, which affects >>>> all >>>> >> > smsbox->sqlbox->bearerbox users. >>>> >> > >>>> >> > I must admit: Haven't tested it yet. But it should work. >>>> >> > >>>> >> > See attached patch. Votes? >>>> >> > >>>> >> > >>>> >> > -----Original Message----- >>>> >> > From: users-boun...@kannel.org [mailto:users-boun...@kannel.org] >>>> On >>>> >> Behalf >>>> >> > Of Tomasz >>>> >> > Sent: vrijdag 11 juni 2010 15:10 >>>> >> > To: Kannel list >>>> >> > Subject: Re: Messages with php stripslashes >>>> >> > >>>> >> > Hi, >>>> >> > >>>> >> > I've got the same issue - when we send MT message by CGI which >>>> >> > contains ' sign, the recipient gets \' (escaped '). When we inject >>>> MT >>>> >> > directly to MySQL Database, recipient get only ' sing (valid!). >>>> >> > >>>> >> > Our configuration is: >>>> >> > >>>> >> > PHP MT PUSH - SMSBOX - SQLBOX - BEARERBOX - SMSC >>>> >> > >>>> >> > The problem is caused probably by SQLBOX - somewhere there must be >>>> >> > some kind of addslashes function. Escaped sign is being delivered >>>> to >>>> >> > BEARERBOX. I've tried to find this is source code but I was unable. >>>> >> > >>>> >> > Have someone fixed this problem yet? >>>> >> > >>>> >> > Thanks >>>> >> > Tomasz >>>> >> > >>>> >> > W Twoim liście datowanym 24 maja 2010 (02:05:22) można przeczytać: >>>> >> > >>>> >> >> I have posted some weeks ago a similar issue with sqlbox but it is >>>> not >>>> >> >> resolved for the moment, Alejandro to check on his side to >>>> reproduce the >>>> >> >> issue. >>>> >> > >>>> >> >> Check my post in the mailling list archive to see if it the same >>>> >> problem: >>>> >> > >>>> >> >> Object: *Quote and backslash issue* >>>> >> > >>>> >> >> As you when using CGI interface to send a SMS I got the quote >>>> escaped on >>>> >> > the >>>> >> >> mobile, BUT when using directly SQL injection on sqlbox it works >>>> >> > correctly. >>>> >> > >>>> >> >> Regards, >>>> >> > >>>> >> >> Emmanuel >>>> >> > >>>> >> > >>>> >> > >>>> >> > <sql-escape.patch> >>>> >>>> >>>> >>> >>> >>> -- >>> Emmanuel >>> >>> CHANSON Emmanuel >>> Mobile Nouvelle-Calédonie: +687.77.35.02 >>> Mobile France: +33 (0) 6.68.03.89.56 >>> @email : emmanuelchan...@gmail.com >>> >>> >>> >> >> >> -- >> Emmanuel >> >> CHANSON Emmanuel >> Mobile Nouvelle-Calédonie: +687.77.35.02 >> Mobile France: +33 (0) 6.68.03.89.56 >> @email : emmanuelchan...@gmail.com >> >> >> > > > -- > Emmanuel > > CHANSON Emmanuel > Mobile Nouvelle-Calédonie: +687.77.35.02 > Mobile France: +33 (0) 6.68.03.89.56 > @email : emmanuelchan...@gmail.com > -- Emmanuel CHANSON Emmanuel Mobile Nouvelle-Calédonie: +687.77.35.02 Mobile France: +33 (0) 6.68.03.89.56 @email : emmanuelchan...@gmail.com