msg_duplicate is the normal function from msg.h. No special meaning. What happens is that gw_sql_save has a side effect. It escapes all text strings with a backslash before the "'" sign because it displays them in the INSERT INTO... statement in the database. When I designed the function I was under the impression that it escaped the strings in a copy... But apparently it doesn't.
What happens in the "old" version is that gw_sql_save_msg escapes the strings inline and later it does a "send_msg(conn->smsbox_connection, conn, msg)" with the same message... which has a backslash in front of the "'". By duplicating the message before calling the gw_sql_save_msg, this behavior is eliminated. Someone on the mailinglist (Tomasz) has already confirmed that the problem has been solved with this patch. == Rene -----Original Message----- From: Alejandro Guerrieri [mailto:[email protected]] Sent: vrijdag 11 juni 2010 23:52 To: Rene Kluwen Cc: 'Tomasz'; 'Kannel list'; [email protected] Subject: Re: [PATCH] RE: Messages with php stripslashes + msg_escaped = msg_duplicate(msg); if (msg->sms.sms_type != report_mo) - gw_sql_save_msg(msg, octstr_imm("MO")); + gw_sql_save_msg(msg_escaped, octstr_imm("MO")); else - gw_sql_save_msg(msg, octstr_imm("DLR")); + gw_sql_save_msg(msg_escaped, octstr_imm("DLR")); + msg_destroy(msg_escaped); and - gw_sql_save_msg(msg, octstr_imm("MT")); + msg_escaped = msg_duplicate(msg); + gw_sql_save_msg(msg_escaped, octstr_imm("MT")); + msg_destroy(msg_escaped); (and other similar lines) You're duplicating the msg to msg_escaped and then running the same gw_sql_save_msg function? What difference does it make? Or maybe msg_duplicate does some escaping magic I'm not aware of? If msg_duplicate does what the name says, I don't see what's changed. Regards, Alex -- Alejandro Guerrieri [email protected] On 11/06/2010, at 23:25, Rene Kluwen wrote: > Sorry for crossposting. But I think the users are allowed to know what is > going on, even if this is a developers matter. > > I think I found the solution to the problem below, which affects all > smsbox->sqlbox->bearerbox users. > > I must admit: Haven't tested it yet. But it should work. > > See attached patch. Votes? > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Tomasz > Sent: vrijdag 11 juni 2010 15:10 > To: Kannel list > Subject: Re: Messages with php stripslashes > > Hi, > > I've got the same issue - when we send MT message by CGI which > contains ' sign, the recipient gets \' (escaped '). When we inject MT > directly to MySQL Database, recipient get only ' sing (valid!). > > Our configuration is: > > PHP MT PUSH - SMSBOX - SQLBOX - BEARERBOX - SMSC > > The problem is caused probably by SQLBOX - somewhere there must be > some kind of addslashes function. Escaped sign is being delivered to > BEARERBOX. I've tried to find this is source code but I was unable. > > Have someone fixed this problem yet? > > Thanks > Tomasz > > W Twoim liście datowanym 24 maja 2010 (02:05:22) można przeczytać: > >> I have posted some weeks ago a similar issue with sqlbox but it is not >> resolved for the moment, Alejandro to check on his side to reproduce the >> issue. > >> Check my post in the mailling list archive to see if it the same problem: > >> Object: *Quote and backslash issue* > >> As you when using CGI interface to send a SMS I got the quote escaped on > the >> mobile, BUT when using directly SQL injection on sqlbox it works > correctly. > >> Regards, > >> Emmanuel > > > > <sql-escape.patch>
