-
On line 436 of mod_accounting.c:
    case 'u':
        query = ap_pstrcat( p, query, ptr, get_user( r ), NULL );
        break;
The value returned from get_user(r), i.e. the username, is
passed to the query without escaping.
At least it should escape single and double quotes that
are usual in SQL queries.
2004-04-13 16:55:03 UTC in mod_accounting
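The escaping the report above asks for, as an added example that is not part of the report or of mod_accounting's own code. It assumes a MySQL-style dialect where a backslash escapes the next character; sql_escape, expand_query, and the table and column names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Backslash-escape ', " and \ (assumption: MySQL-style escaping, default
 * SQL mode). Caller frees the result; NULL on allocation failure. */
static char *sql_escape(const char *in)
{
    char *out = malloc(2 * strlen(in) + 1);  /* worst case: all escaped */
    char *w = out;
    if (!out) return NULL;
    for (; *in; in++) {
        if (*in == '\'' || *in == '"' || *in == '\\')
            *w++ = '\\';
        *w++ = *in;
    }
    *w = '\0';
    return out;
}

/* Hypothetical stand-in for the module's format expansion: every %u in
 * tmpl is replaced by the escaped user name, other bytes are copied. */
static char *expand_query(const char *tmpl, const char *user)
{
    char *esc = sql_escape(user), *out, *w;
    size_t elen, cap = strlen(tmpl) + 1;
    const char *p;
    if (!esc) return NULL;
    elen = strlen(esc);
    for (p = tmpl; (p = strstr(p, "%u")) != NULL; p += 2)
        cap += elen;                         /* room for each placeholder */
    out = w = malloc(cap);
    if (!out) { free(esc); return NULL; }
    for (p = tmpl; *p; ) {
        if (p[0] == '%' && p[1] == 'u') { memcpy(w, esc, elen); w += elen; p += 2; }
        else *w++ = *p++;
    }
    *w = '\0';
    free(esc);
    return out;
}

int main(void)
{
    /* Constructed template and user name, for illustration only. */
    char *q = expand_query("INSERT INTO acct (usr) VALUES ('%u')", "o'brien");
    if (q) { puts(q); free(q); }
    return 0;
}
```

Where the database client library is available, its own escaping routine (mysql_real_escape_string, PQescapeStringConn) or a prepared statement is the better choice, since those follow the connection's character set and quoting mode.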
-
As reported in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=207249
Looks like gcc3.3 is optimising away the first letter, so the
database name compare does not match.
--- libapache-mod-acct-0.5.orig/mod_accounting.c
+++ libapache-mod-acct-0.5/mod_accounting.c
@@ -217,8 +217,10 @@
int i, found = 0;
char *ptr =...
2003-09-09 16:25:22 UTC in mod_accounting
-
lgangitano committed patchset 18 of module dotme to the DOmain Tracking Made Easy CVS repository, changing 5 files.
2001-08-08 14:10:19 UTC in DOmain Tracking Made Easy