Hi Xavier, I'm working on it at this very moment. And your patch looks like mine ;)
s

On Thu, 2007-09-06 at 10:22 +0200, Xavier Bouchoux wrote:
> Aaron Bockover wrote:
> > Using String.Format to construct a query with parameters is very
> > incorrect, for this very reason (and often if escaping is not done
> > properly, it can lead to security issues). While in applications like
> > F-Spot and Banshee, using String.Format is okay in many situations,
> > using the following method of command construction is critical for when
> > strings are parameters (as you have just run into).
> >
> > [...]
> >
> > Granted, doing that manually is highly annoying. In Banshee I have a
> > utility layer to make constructing proper parameter commands much
> > simpler. Either way, this should solve the escaping issue.
> >
>
> Indeed, using the Banshee helper is as easy as using String.Format()
> http://bugzilla.gnome.org/show_bug.cgi?id=474142
>
> (well if it is actually a correct fix..)
>
> _______________________________________________
> F-spot-list mailing list
> [email protected]
> http://mail.gnome.org/mailman/listinfo/f-spot-list
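
The point made in the thread above, as an added example that is not part of the original messages and is not Banshee's or F-Spot's code: a small helper that keeps the String.Format-style `{0}` convenience but binds the values as parameters instead of splicing them into the SQL text. It uses Python's `sqlite3` in place of the C# code under discussion; `build_command`, the `tags` table and the sample tag name are hypothetical.

```python
import re
import sqlite3

_PLACEHOLDER = re.compile(r"\{(\d+)\}")

def build_command(template, *args):
    """Turn a String.Format-style template into (sql, params) for binding."""
    if "'" in template:
        # A quoted '{0}' would become the literal string '?', not a parameter.
        raise ValueError("do not quote placeholders; values are bound, not spliced")
    params = []
    def bind(match):
        params.append(args[int(match.group(1))])  # IndexError if out of range
        return "?"
    return _PLACEHOLDER.sub(bind, template), tuple(params)

def insert_tag_formatted(db, name):
    # The approach the thread warns about: the value becomes part of the SQL text.
    db.execute("INSERT INTO tags (name) VALUES ('{0}')".format(name))

def insert_tag_bound(db, name):
    # Same template style, but the value travels separately from the SQL text.
    sql, params = build_command("INSERT INTO tags (name) VALUES ({0})", name)
    db.execute(sql, params)

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tags (id INTEGER PRIMARY KEY, name TEXT)")  # hypothetical schema
    name = "Xavier's holiday"  # constructed sample value containing an apostrophe
    try:
        insert_tag_formatted(db, name)
        formatted_ok = True
    except sqlite3.OperationalError:
        # The apostrophe ends the string literal early and the statement no longer parses.
        formatted_ok = False
    insert_tag_bound(db, name)
    rows = [row[0] for row in db.execute("SELECT name FROM tags")]
    return formatted_ok, rows

if __name__ == "__main__":
    print(demo())
```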
