This is an automated notification sent by Gna!.
It relates to:
task #1159, project Savane
==============================================================================
LATEST MODIFICATIONS of task #1159:
==============================================================================
Posted by: Sylvain Beucler <beuc>
Posted on: 2005-01-13 16:40 (GMT)
_______________________________________________________
Should Start On: lun 10.01.2005 � 23:00 -> lun 10.01.2005 � 00:00
Should be Finished on: lun 10.01.2005 � 23:00 -> lun 10.01.2005 � 00:00
_______________________________________________________
Follow-up Comment:
It's not really at the DBI level:
sub SetUserSettings {
SetDBSettings("user", "user_name='$_[0]'", "$_[1]='$_[2]'");
}
if arg0 or arg2 contains a quote, then there will be a quote mismatch.
As far as I see, we just need to add s/\'/\'\'/g in SetUserSettings-like
procedures. That's how it's done in sv_skills, despite sv_skills directly uses
the 'mysql' command.
==============================================================================
OVERVIEW of task #1159:
==============================================================================
URL:
<http://gna.org/task/?func=detailitem&item_id=1159>
Summary: add ### at the end of the register keys if missing
Project: Savane
Submitted by: yeupou
Submitted on: jeu 13.01.2005 � 09:12
Should Start On: lun 10.01.2005 � 00:00
Should be Finished on: lun 10.01.2005 � 00:00
Category: Backend
Priority: 1 - Later
Status: None
Privacy: Public
Assigned to: None
Percent Complete: 0%
Open/Closed: Open
Effort: 0.00
Planned Release:
_______________________________________________________
And update script should be provided for 1.0.6 that would add ### if missing,
at the end of registered ssh keys, for keys registered a long time ago with
the Savane version that was not always adding it.
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: jeu 13.01.2005 � 16:40 By: Sylvain Beucler <beuc>
It's not really at the DBI level:
sub SetUserSettings {
SetDBSettings("user", "user_name='$_[0]'", "$_[1]='$_[2]'");
}
if arg0 or arg2 contains a quote, then there will be a quote mismatch.
As far as I see, we just need to add s/\'/\'\'/g in SetUserSettings-like
procedures. That's how it's done in sv_skills, despite sv_skills directly uses
the 'mysql' command.
-------------------------------------------------------
Date: jeu 13.01.2005 � 16:18 By: Mathieu Roy <yeupou>
Theorically perl DBI by itself escape characters when needed. Are you sure
that adding a script to escape character wont alter content in any way? Why in
this case the escaping made by perl DBI isn't reliable - no way to fix that?
-------------------------------------------------------
Date: jeu 13.01.2005 � 15:22 By: Sylvain Beucler <beuc>
Aie aie sir.
There is a small issue to discuss: at a point I have to escape an argument
that I pass to SetUserSettings, so that if the key contains a <<'>>, it
doesn't make the SQL query fail.
I think this test should be moved in SetUserSettings itself.
Is it ok?
The script was applied to the Savannah database. We haven't received
complaints yet.
-------------------------------------------------------
Date: jeu 13.01.2005 � 15:02 By: Mathieu Roy <yeupou>
If it works (I guess it does), feel free to add it in update/1.0.6 + close
this item.
Regards,
-------------------------------------------------------
Date: jeu 13.01.2005 � 14:10 By: Sylvain Beucler <beuc>
Here's the script, feel free to edit.
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: jeu 13.01.2005 � 14:10 Name: update_authorized_keys.pl Size: 1,7Ko
By: beuc
<http://gna.org/task/download.php?item_id=1159&item_file_id=32>
==============================================================================
This item URL is:
<http://gna.org/task/?func=detailitem&item_id=1159>
_______________________________________________
Message post� via/par Gna!
http://gna.org/
_______________________________________________
Savane-dev mailing list
[email protected]
https://mail.gna.org/listinfo/savane-dev
