When I upload a file with:
title: and\or
description: this is a test for ever\never.
Here is the result:
title: andor
description: this is a test for ever<br />ever
I think it is not only a problem of having a \ in a title or a
description, but it is possibly bad escaping of quotes.
I think this code creates a problem:
$title = stripslashes($title);
$title = fOwl_ereg_replace("'", "\\'" , fOwl_ereg_replace("[<>]", "", $title));
stripslashes unescapes the characters single quote ('), double quote ("),
backslash (\) and NUL (the NULL byte).
But fOwl_ereg_replace escapes only the single quote (').
I think it is necessary to replace fOwl_ereg_replace with a PHP function:
pg_escape_string() or mysqli_real_escape_string() or addslashes.
Steve
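
An added example, not part of the original report or of Owl's code: it models the quoted two-step escaping in PHP and checks whether the result would stay inside a single-quoted SQL literal. The function names, the checker and the sample inputs are assumptions made for illustration.

```php
<?php
// Stand-in for the quoted Owl code: preg_replace()/str_replace() model the
// two fOwl_ereg_replace() calls (ereg_replace() is gone from current PHP).
function owl_style_escape(string $s): string
{
    $s = stripslashes($s);                // removes one level of backslashes
    $s = preg_replace('/[<>]/', '', $s);  // strips angle brackets
    return str_replace("'", "\\'", $s);   // escapes single quotes only
}

// Hypothetical checker: reads a value the way a backslash-escaping SQL
// parser reads the inside of '...' and reports whether the literal would
// end early (bare quote) or run on (trailing backslash eats the closer).
function breaks_out_of_literal(string $escaped): bool
{
    $n = strlen($escaped);
    for ($i = 0; $i < $n; $i++) {
        if ($escaped[$i] === '\\') {
            if ($i === $n - 1) {
                return true;
            }
            $i++; // the next character is escaped, skip it
        } elseif ($escaped[$i] === "'") {
            return true;
        }
    }
    return false;
}

// Constructed inputs, written as the raw bytes handed to the escaping code.
$samples = ['and\\or', "it's", "x\\\\'", 'ends\\\\'];

foreach ($samples as $raw) {
    $owl  = owl_style_escape($raw);
    // addslashes() is one of the functions the report names; it is used
    // here because it needs no database connection.
    $full = addslashes($raw);
    printf(
        "%-10s owl=%-10s breaks=%-3s addslashes=%-12s breaks=%s\n",
        $raw,
        $owl,
        breaks_out_of_literal($owl) ? 'yes' : 'no',
        $full,
        breaks_out_of_literal($full) ? 'yes' : 'no'
    );
}
```

The first sample reproduces the reported title loss (and\or stored as andor); the last two show values where a backslash left unescaped changes how the following quote is read.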
Date: 2009-11-02 19:53
Fixed and committed to CVS:

Date: 2009-11-02 09:59
I send you the patch to fix it

Date: 2009-09-22 13:35
If you create a new note, with keywords = \',(select 1),6,(select
| Filename | Description | Download |
|---|---|---|
| 0001-corrections-des-antislashes-addslashes.patch | | Download |
| Field | Old Value | Date | By |
|---|---|---|---|
| summary | \ are interpreted in input for files - ID: 2864125 | 2009-11-02 19:54 | b0zz |
| status_id | Open | 2009-11-02 19:53 | b0zz |
| resolution_id | None | 2009-11-02 19:53 | b0zz |
| assigned_to | nobody | 2009-11-02 19:53 | b0zz |
| allow_comments | 1 | 2009-11-02 19:53 | b0zz |
| close_date | - | 2009-11-02 19:53 | b0zz |
| summary | \ are interpreted in input for files | 2009-11-02 19:53 | b0zz |
| File Added | 349162: 0001-corrections-des-antislashes-addslashes.patch | 2009-11-02 09:59 | jheyman |