definitively ++1
Vincent.
Stipe Tolj a écrit :
Hi list,
we have a possible bug situation in the gw/dlr_mysql.c module,
especially for the dlr_mysql_add() function:
We perform an INSERT into the table space with the values provided in
dlr_entry struct. The field entry->source is the source address and if
we used an alphanumeric value here containing any SQL "administrative
chars" (i.e. ') we run into an mysql error. We need to ensure that all
values passed from the "outside" (via smsbox HTTP interface) to the SQL
creation format is passed via mysql's mysql_escape_string() function,
ensuring such chars are escaped.
We had such a patch posted by:
From: Peter Christensen
Subject: Re: dlr_mysql_add and internal charset
Date: Tue, 10 Jan 2006 07:44:02 -0800
URL: http://www.mail-archive.com/[email protected]/msg05381.html
but it was actually never applied. This is a re-write of Peter's patch,
making a dbpool_mysql_escape_string() wrapper function available in the
gwlib/dbpool_mysql.c and using it in gw/dlr_mysql.c.
Please review and vote for committing to CVS.
Stipe
-------------------------------------------------------------------
Kölner Landstrasse 419
40589 Düsseldorf, NRW, Germany
tolj.org system architecture Kannel Software Foundation (KSF)
http://www.tolj.org/ http://www.kannel.org/
mailto:st_{at}_tolj.org mailto:stolj_{at}_kannel.org
-------------------------------------------------------------------
--
Telemaque - 06560 SOPHIA-ANTIPOLIS - (FR)
Service Technique/Reseau - NOC
Direction du Developpement xMS+
http://www.telemaque.fr/
[EMAIL PROTECTED]
Tel : +33 4 92 90 99 84 (fax 9142)