+       msg_escaped = msg_duplicate(msg);
         if (msg->sms.sms_type != report_mo)
-            gw_sql_save_msg(msg, octstr_imm("MO"));
+            gw_sql_save_msg(msg_escaped, octstr_imm("MO"));
         else
-            gw_sql_save_msg(msg, octstr_imm("DLR"));
+            gw_sql_save_msg(msg_escaped, octstr_imm("DLR"));
+       msg_destroy(msg_escaped);
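Review bot: On the two gw_sql_save_msg(msg_escaped, ...) lines the copy is passed exactly as msg_duplicate(msg) returned it, so nothing visible in this hunk escapes anything, and the name msg_escaped suggests otherwise. If the point is that gw_sql_save_msg alters the Msg it is given and the original must stay untouched for the rest of the path, say so in a comment above the msg_duplicate line and use a name such as msg_copy. The added msg_escaped = ... and msg_destroy lines are also indented one column short of the surrounding if.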

and

-            gw_sql_save_msg(msg, octstr_imm("MT"));
+           msg_escaped = msg_duplicate(msg);
+            gw_sql_save_msg(msg_escaped, octstr_imm("MT"));
+           msg_destroy(msg_escaped);
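Review bot: The duplicate, save, destroy triple around gw_sql_save_msg here repeats the statements from the MO/DLR branch, and more call sites are said to follow the same pattern. A small helper that takes msg and the octstr_imm tag and does the msg_duplicate and msg_destroy internally would keep a forgotten msg_destroy at one call site from becoming a leak. The msg_escaped = ... and msg_destroy lines are indented 11 columns against 12 for the gw_sql_save_msg line between them.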
 
(and other similar lines)

You're duplicating the msg to msg_escaped and then running the same 
gw_sql_save_msg function? What difference does it make?

Or maybe msg_duplicate does some escaping magic I'm not aware of? If 
msg_duplicate does what the name says, I don't see what's changed.

Regards,

Alex
--
Alejandro Guerrieri
[email protected]



On 11/06/2010, at 23:25, Rene Kluwen wrote:

> Sorry for crossposting. But I think the users are allowed to know what is
> going on, even if this is a developers matter.
> 
> I think I found the solution to the problem below, which affects all
> smsbox->sqlbox->bearerbox users.
> 
> I must admit: Haven't tested it yet. But it should work.
> 
> See attached patch. Votes?
> 
> 
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf
> Of Tomasz
> Sent: Friday 11 June 2010 15:10
> To: Kannel list
> Subject: Re: Messages with php stripslashes
> 
> Hi,
> 
> I've got the same issue - when we send MT message by CGI which
> contains ' sign, the recipient gets \' (escaped '). When we inject MT
> directly to MySQL Database, recipient gets only ' sign (valid!).
> 
> Our configuration is:
> 
> PHP MT PUSH  - SMSBOX - SQLBOX - BEARERBOX - SMSC
> 
> The problem is caused probably by SQLBOX - somewhere there must be
> some kind of addslashes function. Escaped sign is being delivered to
> BEARERBOX. I've tried to find this in the source code but I was unable.
> 
> Has someone fixed this problem yet?
> 
> Thanks
> Tomasz
> 
> In your message dated 24 May 2010 (02:05:22) one can read:
> 
>> I have posted some weeks ago a similar issue with sqlbox but it is not
>> resolved for the moment, Alejandro to check on his side to reproduce the
>> issue.
> 
>> Check my post in the mailing list archive to see if it is the same problem:
> 
>> Object: *Quote and backslash issue*
> 
>> As you, when using CGI interface to send a SMS I got the quote escaped on the
>> mobile, BUT when using directly SQL injection on sqlbox it works correctly.
> 
>> Regards,
> 
>> Emmanuel
> 
> 
> 
> <sql-escape.patch>
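
A toy model of the pattern in the quoted hunks, added here and not taken from the patch or from Kannel. It assumes a save routine that escapes the message text in place for its SQL INSERT (the thread does not show gw_sql_save_msg, so that behaviour is an assumption) and compares forwarding that same message with forwarding an untouched original. toy_msg, sql_escape_in_place, toy_save, forward_shared, forward_copy and the table and column names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a message; not Kannel's Msg type. */
struct toy_msg { char text[64]; };

/* Escape ' and \ for a SQL string literal, rewriting m->text in place. */
static int sql_escape_in_place(struct toy_msg *m)
{
    char out[2 * sizeof m->text];   /* worst case: every byte gains a backslash */
    size_t n = 0;
    for (const char *p = m->text; *p; p++) {
        if (*p == '\'' || *p == '\\') out[n++] = '\\';
        out[n++] = *p;
    }
    if (n + 1 > sizeof m->text) return -1;   /* escaped text would not fit */
    memcpy(m->text, out, n);
    m->text[n] = '\0';
    return 0;
}

/* Assumed behaviour: builds the INSERT and leaves the caller's message escaped. */
static int toy_save(struct toy_msg *m, char *sql, size_t cap)
{
    if (sql_escape_in_place(m) != 0) return -1;
    int n = snprintf(sql, cap, "INSERT INTO log (msgdata) VALUES ('%s')", m->text);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Before: the message passed on to the next hop is the one that was escaped. */
static const char *forward_shared(struct toy_msg *m, char *sql, size_t cap)
{
    return toy_save(m, sql, cap) == 0 ? m->text : NULL;
}

/* After: only a throwaway copy reaches the save routine. */
static const char *forward_copy(struct toy_msg *m, char *sql, size_t cap)
{
    struct toy_msg copy = *m;
    return toy_save(&copy, sql, cap) == 0 ? m->text : NULL;
}

int main(void)
{
    char sql[160];
    struct toy_msg a = { "it's ok" }, b = { "it's ok" }; /* constructed sample */
    printf("shared: %s\n", forward_shared(&a, sql, sizeof sql));
    printf("copy:   %s\n", forward_copy(&b, sql, sizeof sql));
    return 0;
}
```

In the shared case the recipient-bound text carries the backslash that was only meant for the SQL literal, which is the symptom reported in the thread; in the copy case the stored statement is still escaped while the forwarded text is not.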

