[Galette-devel] [bug #4569] SQL strings not escaped when magic_quotes_gpc is not enabled

2007-08-17 Thread Johan Cwiklinski

Update of bug #4569 (project galette):

       Status: Ready For Test => Fixed
  Open/Closed: Open => Closed
      Release: None => devel

___

Follow-up Comment #2:

It seems to me that this is indeed fixed in the current versions.

___

Reply to this item at:

  

___
  Message posted via/by Gna!
  http://gna.org/


___
Galette-devel mailing list
Galette-devel@gna.org
https://mail.gna.org/listinfo/galette-devel


[Galette-devel] [bug #4569] SQL strings not escaped when magic_quotes_gpc is not enabled

2005-11-15 Thread Stéphane Salès

Update of bug #4569 (project galette):

       Status: None => Ready For Test

___

Follow-up Comment #1:

Fixed in CVS, to be tested.





[Galette-devel] [bug #4569] SQL strings not escaped when magic_quotes_gpc is not enabled

2005-10-23 Thread pb

URL:
  

         Summary: SQL strings not escaped when magic_quotes_gpc is not enabled
         Project: Galette
    Submitted by: pbaumard
    Submitted on: Sun 23.10.2005 at 04:53
        Priority: 5 - Normal
        Severity: 6 - Security
          Status: None
     Assigned to: None
Originator Email: 
     Open/Closed: Open

___

Details:

From
http://phplens.com/adodb/reference.functions.qstr.html
adodb qstr method has to be called with get_magic_quotes_gpc() as a second
parameter:
$db->qstr($value,get_magic_quotes_gpc())

But in Galette code most of the calls set the second parameter as true:
$DB->qstr($value, true)

So when magic_quotes_gpc is not enabled SQL strings are not escaped, and
worse, Galette fails silently without showing any error message.



___

Carbon-Copy List:

CC Address | Comment
-----------+--------
pbaumard   |
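
The mismatch described in this report, as an added example that is not part of the original message or of Galette's or ADOdb's code. model_qstr() and model_magic_quotes() are hypothetical, simplified stand-ins for ADOdb's qstr() on a backslash-escaping driver and for PHP's magic_quotes_gpc processing, and the form value is constructed.

```php
<?php
// Simplified model of ADOdb's qstr() for a backslash-escaping (MySQL-style)
// driver. Assumption: the real method covers more cases (NUL bytes,
// Sybase-style quote doubling); only the part relevant to this bug is kept.
function model_qstr(string $s, bool $magic_quotes = false): string
{
    if (!$magic_quotes) {
        // Caller declares the value raw: escape backslashes, then quotes.
        $s = str_replace('\\', '\\\\', $s);
        return "'" . str_replace("'", "\\'", $s) . "'";
    }
    // Caller declares the value already escaped by magic_quotes_gpc:
    // only undo \" and wrap in quotes, no further escaping is applied.
    return "'" . str_replace('\\"', '"', $s) . "'";
}

// Stand-in for what PHP applied to request data when magic_quotes_gpc was on.
function model_magic_quotes(string $s): string
{
    return addslashes($s);
}

$submitted = "O'Brien"; // constructed sample form value

foreach ([true, false] as $gpc_enabled) {
    // The value as the script receives it from the request.
    $value = $gpc_enabled ? model_magic_quotes($submitted) : $submitted;

    // Call pattern reported in the bug: second parameter hard-coded to true.
    $hardcoded = model_qstr($value, true);
    // Call pattern the ADOdb reference asks for: pass the real setting.
    $matched = model_qstr($value, $gpc_enabled);

    printf(
        "magic_quotes_gpc=%s\n  qstr(\$value, true)    -> %s\n  qstr(\$value, setting) -> %s\n",
        $gpc_enabled ? 'on' : 'off',
        $hardcoded,
        $matched
    );
}
```

With the setting off, the hard-coded call emits the quote unescaped inside the SQL literal, while the call that passes the real setting escapes it.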



