svn co https://svn.kannel.org/sqlbox/trunk
Regards,
--
Alejandro Guerrieri
[email protected]

On 14/06/2010, at 12:38, Emmanuel CHANSON wrote:

> And what is the cvs/svn url for sqlbox?
>
> :)
>
> Emmanuel
>
> 2010/6/14 Alejandro Guerrieri <[email protected]>
> Maybe Rene applied the patch against latest CVS/SVN instead?
>
> There's some updates on SVN that are not on 0.7.2.
> --
> Alejandro Guerrieri
> [email protected]
>
> On 14/06/2010, at 12:31, Emmanuel CHANSON wrote:
>
>> Using "Assume -R" equal to yes it seems the patch is not applied (I checked
>> the sqlbox.c file after and no occurrence of msg_escaped for instance).
>>
>> Alex where to download the latest version of sqlbox? The one I got was
>> from your website.
>> BTW I try to apply the patch on the original source I have kept
>> (sqlbox-0.7.2.tar.gz) but I got the same error.
>>
>> BR,
>>
>> Emmanuel
>>
>> 2010/6/14 Tomasz <[email protected]>
>> Hi,
>>
>> Try to use -R option with path or press "y" when "Assume -R? [n]"
>> displays.
>>
>> Regards,
>> Tomasz
>>
>> In your message dated 14 June 2010 (11:46:40) one can read:
>>
>> > Hello Rene,
>>
>> > Trying to patch gw/sqlbox.c I got this error, is it an issue?
>>
>> > [r...@kannel gw]# patch -p0 sqlbox.c sql-escape.patch
>> > patching file sqlbox.c
>> > patching file sqlbox.c
>> > Hunk #1 FAILED at 82.
>> > 1 out of 1 hunk FAILED -- saving rejects to file sqlbox.c.rej
>> > patching file sqlbox.c
>> > Reversed (or previously applied) patch detected! Assume -R? [n] n
>> > Apply anyway? [n] y
>> > Hunk #1 FAILED at 252.
>> > Hunk #2 FAILED at 269.
>> > Hunk #3 FAILED at 375.
>> > Hunk #4 FAILED at 398.
>> > 4 out of 4 hunks FAILED -- saving rejects to file sqlbox.c.rej
>> > [r...@kannel gw]#
>>
>> > [r...@kannel gw]# cat sqlbox.c.rej
>> > Index: sb-config.h.in >> > --- sb-config.h.in (revision 28) >> > +++ sb-config.h.in (working copy) 
>> > @@ -82,10 +82,6 @@ >> > /* Define to 1 if you have the <unistd.h> header file. */ >> > #undef HAVE_UNISTD_H >> >> > -/* Define to the sub-directory in which libtool stores uninstalled >> > libraries. >> > - */ >> > -#undef LT_OBJDIR >> > - >> > /* Name of package */ >> > #undef PACKAGE >> >> > Index: gw/sqlbox.c >> > --- gw/sqlbox.c (revision 28) >> > +++ gw/sqlbox.c (working copy) >> > @@ -252,7 +252,7 @@ >> > static void smsbox_to_bearerbox(void *arg) >> > { >> > Boxc *conn = arg; >> > - Msg *msg; >> > + Msg *msg, *msg_escaped; >> >> > /* remove messages from socket until it is closed */ >> > while (sqlbox_status != SQL_DEAD && conn->alive) { >> > @@ -269,7 +269,9 @@ >> > if (msg_type(msg) == sms) { >> > debug("sqlbox", 0, "smsbox_to_bearerbox: sms received"); >> >> > - gw_sql_save_msg(msg, octstr_imm("MT")); >> > + msg_escaped = msg_duplicate(msg); >> > + gw_sql_save_msg(msg_escaped, octstr_imm("MT")); >> > + msg_destroy(msg_escaped); >> > } >> >> > send_msg(conn->bearerbox_connection, conn, msg); >> > @@ -375,7 +377,7 @@ >> >> > static void bearerbox_to_smsbox(void *arg) >> > { >> > - Msg *msg; >> > + Msg *msg, *msg_escaped; >> > Boxc *conn = arg; >> >> > while (sqlbox_status != SQL_DEAD && conn->alive) { 
>> > @@ -398,10 +400,12 @@ >> > break; >> > } >> > if ((msg_type(msg) == sms) && >> > (strcmp(octstr_get_cstr(msg->sms.msgdata),"ACK/") != 0)) { >> > + msg_escaped = msg_duplicate(msg); >> > if (msg->sms.sms_type != report_mo) >> > - gw_sql_save_msg(msg, octstr_imm("MO")); >> > + gw_sql_save_msg(msg_escaped, octstr_imm("MO")); >> > else >> > - gw_sql_save_msg(msg, octstr_imm("DLR")); >> > + gw_sql_save_msg(msg_escaped, octstr_imm("DLR")); >> > + msg_destroy(msg_escaped); >> > } >> > send_msg(conn->smsbox_connection, conn, msg); >> > msg_destroy(msg); >> > [r...@kannel gw]# >> >> > Regards, >> >> > Emmanuel >> >> >> >> > 2010/6/13 Rene Kluwen <[email protected]> >> >> >> msg_duplicate is the normal function from msg.h. No special meaning. >> >> >> >> What happens is that gw_sql_save has a side effect. It escapes all text >> >> strings with a backslash before the "'" sign because it displays them in >> >> the >> >> INSERT INTO... statement in the database. >> >> When I designed the function I was under the impression that it escaped >> >> the >> >> strings in a copy... But apparently it doesn't. >> >> >> >> What happens in the "old" version is that gw_sql_save_msg escapes the >> >> strings inline and later it does a "send_msg(conn->smsbox_connection, >> >> conn, >> >> msg)" with the same message... which has a backslash in front of the "'". >> >> >> >> By duplicating the message before calling the gw_sql_save_msg, this >> >> behavior >> >> is eliminated. >> >> >> >> Someone on the mailinglist (Tomasz) has already confirmed that the problem >> >> has been solved with this patch. >> >> >> >> == Rene >> >> >> >> >> >> >> >> -----Original Message----- 
>> >> From: Alejandro Guerrieri [mailto:[email protected]] >> >> Sent: vrijdag 11 juni 2010 23:52 >> >> To: Rene Kluwen >> >> Cc: 'Tomasz'; 'Kannel list'; [email protected] >> >> Subject: Re: [PATCH] RE: Messages with php stripslashes >> >> >> >> + msg_escaped = msg_duplicate(msg); >> >> if (msg->sms.sms_type != report_mo) >> >> - gw_sql_save_msg(msg, octstr_imm("MO")); >> >> + gw_sql_save_msg(msg_escaped, octstr_imm("MO")); >> >> else >> >> - gw_sql_save_msg(msg, octstr_imm("DLR")); >> >> + gw_sql_save_msg(msg_escaped, octstr_imm("DLR")); >> >> + msg_destroy(msg_escaped); >> >> >> >> and >> >> >> >> - gw_sql_save_msg(msg, octstr_imm("MT")); >> >> + msg_escaped = msg_duplicate(msg); >> >> + gw_sql_save_msg(msg_escaped, octstr_imm("MT")); >> >> + msg_destroy(msg_escaped); >> >> >> >> (and other similar lines) >> >> >> >> You're duplicating the msg to msg_escaped and then running the same >> >> gw_sql_save_msg function? What difference does it make? >> >> >> >> Or maybe msg_duplicate does some escaping magic I'm not aware of? If >> >> msg_duplicate does what the name says, I don't see what's changed. >> >> >> >> Regards, >> >> >> >> Alex >> >> -- >> >> Alejandro Guerrieri >> >> [email protected] >> >> >> >> >> >> >> >> On 11/06/2010, at 23:25, Rene Kluwen wrote: >> >> >> >> > Sorry for crossposting. But I think the users are allowed to know what >> >> > is >> >> > going on, even if this is a developers matter. >> >> > >> >> > I think I found the solution to the problem below, which affects all >> >> > smsbox->sqlbox->bearerbox users. >> >> > >> >> > I must admit: Haven't tested it yet. But it should work. >> >> > >> >> > See attached patch. Votes? >> >> > >> >> > >> >> > -----Original Message----- 
>> >> > From: [email protected] [mailto:[email protected]] On Behalf Of Tomasz
>> >> > Sent: vrijdag 11 juni 2010 15:10
>> >> > To: Kannel list
>> >> > Subject: Re: Messages with php stripslashes
>> >> >
>> >> > Hi,
>> >> >
>> >> > I've got the same issue - when we send MT message by CGI which
>> >> > contains ' sign, the recipient gets \' (escaped '). When we inject MT
>> >> > directly to MySQL Database, recipient gets only ' sign (valid!).
>> >> >
>> >> > Our configuration is:
>> >> >
>> >> > PHP MT PUSH - SMSBOX - SQLBOX - BEARERBOX - SMSC
>> >> >
>> >> > The problem is caused probably by SQLBOX - somewhere there must be
>> >> > some kind of addslashes function. Escaped sign is being delivered to
>> >> > BEARERBOX. I've tried to find this in source code but I was unable.
>> >> >
>> >> > Has someone fixed this problem yet?
>> >> >
>> >> > Thanks
>> >> > Tomasz
>> >> >
>> >> > In your message dated 24 May 2010 (02:05:22) one can read:
>> >> >
>> >> >> I have posted some weeks ago a similar issue with sqlbox but it is not
>> >> >> resolved for the moment, Alejandro to check on his side to reproduce
>> >> >> the issue.
>> >> >
>> >> >> Check my post in the mailing list archive to see if it is the same problem:
>> >> >
>> >> >> Object: *Quote and backslash issue*
>> >> >
>> >> >> As you when using CGI interface to send a SMS I got the quote escaped on the
>> >> >> mobile, BUT when using directly SQL injection on sqlbox it works correctly.
>> >> >
>> >> >> Regards,
>> >> >
>> >> >> Emmanuel
>> >> >
>> >> > <sql-escape.patch>
>>
>> --
>> Emmanuel
>>
>> CHANSON Emmanuel
>> Mobile Nouvelle-Calédonie: +687.77.35.02
>> Mobile France: +33 (0) 6.68.03.89.56
>> @email : [email protected]
>
> --
> Emmanuel
>
> CHANSON Emmanuel
> Mobile Nouvelle-Calédonie: +687.77.35.02
> Mobile France: +33 (0) 6.68.03.89.56
> @email : [email protected]
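
Review bot: the sb-config.h.in hunk (@@ -82,10 +82,6 @@) is unrelated to the escaping fix: it only removes the LT_OBJDIR comment and #undef, while every other hunk is about msg_escaped in gw/sqlbox.c. Drop it from this patch or send it separately; it is also the hunk reported as "FAILED at 82" when the patch is applied to sqlbox.c alone.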
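
Review bot: declaring msg_escaped at function scope (`Msg *msg, *msg_escaped;` in the @@ -252,7 +252,7 @@ hunk, and again in bearerbox_to_smsbox at @@ -375,7 +377,7 @@) leaves a pointer to freed memory alive after `msg_destroy(msg_escaped)` for the rest of each loop iteration. Declare it inside the `if (msg_type(msg) == sms)` block where it is used, or set it to NULL after the destroy.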
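
Review bot: the three added lines in the @@ -269,7 +269,9 @@ hunk need a comment saying why the copy is made, and the name msg_escaped is misleading at the point of `msg_duplicate(msg)`, where nothing has been escaped yet. The copy exists only so that the in-place escaping done by gw_sql_save_msg does not reach the msg later passed to send_msg; a name such as msg_copy plus a one-line comment would answer the "what difference does it make?" question raised in this thread. Having gw_sql_save_msg escape its own private copy would remove the need for every caller to remember this.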
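
Review bot: in the @@ -398,10 +400,12 @@ hunk the brace-less if/else now sits between `msg_duplicate(msg)` and `msg_destroy(msg_escaped)`, and the destroy has to run on both the MO and the DLR branch. Put braces on the if/else so that a later edit to the else branch cannot pull the destroy into it and leak the copy on the other path.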
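
The side effect Rene describes above (a save routine that escapes the message text in place, after which the same message is forwarded), reproduced stand-alone as an added example that is not Kannel or sqlbox code. DemoMsg, escape_quotes, save_msg, forwarded_intact and the demo_log table are hypothetical names, and the input strings are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a gateway message; not Kannel's Msg type. */
typedef struct { char *text; } DemoMsg;

/* Heap copy of s with a backslash before each ' and \ (backslash-style escaping). */
static char *escape_quotes(const char *s)
{
    char *out = malloc(2 * strlen(s) + 1), *p = out;
    if (out == NULL) return NULL;
    for (; *s; s++) {
        if (*s == '\'' || *s == '\\') *p++ = '\\';
        *p++ = *s;
    }
    *p = '\0';
    return out;
}

/* in_place=1 reproduces the side effect described in the thread (the caller's
 * text is replaced by the escaped one); in_place=0 escapes a private copy. */
static void save_msg(DemoMsg *m, int in_place, char *sql, size_t n)
{
    char *esc = escape_quotes(m->text);
    if (esc == NULL) return;
    snprintf(sql, n, "INSERT INTO demo_log (msgdata) VALUES ('%s')", esc);
    if (in_place) { free(m->text); m->text = esc; }
    else free(esc);
}

/* 1 if the text left in the message after saving still equals `original`. */
int forwarded_intact(int in_place, const char *original)
{
    char sql[256] = "";
    DemoMsg m = { malloc(strlen(original) + 1) };
    if (m.text == NULL) return -1;
    strcpy(m.text, original);
    save_msg(&m, in_place, sql, sizeof sql);
    int same = strcmp(m.text, original) == 0;
    free(m.text);
    return same;
}

int main(void)
{
    printf("in-place: %d, copy: %d\n", forwarded_intact(1, "it's"), forwarded_intact(0, "it's"));
    return 0;
}
```

With in-place escaping the text that would be forwarded to the next hop is no longer the text that was received; escaping a private copy keeps the database representation and the wire representation separate.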
