On Sun, 2009-08-09 at 22:19 -0400, Owen Taylor wrote: > On Sun, 2009-08-09 at 23:50 +0200, Tobias Mueller wrote: > > > And in case anybody creates a database name with metacharacters for the > > filesystem (like "." or "/" or ".."), we should normalize and check > > whether we have left the directory just for security reasons. If so, > > bail out. Note, that I don't know if it's even possible to create such a > > database with MySQL. [...]
[..] > I originally got working without using python-MySQL, but if the > hand-escaping for popen() didn't pass muster, I don't think it would > have gotten past review here either :-) > > Attached patch is incremental on my last patch. I went ahead and pushed both patches - wanted to get it in a few backups before the new bugzilla went live so we can get some testing. Also installed MySQL-python on drawable (through puppet) and button. - Owen _______________________________________________ gnome-infrastructure mailing list [email protected] http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
