#1362: Prevent usage of SET NAMES for MySQL connections in AgaviPdoDatabase
----------------------+-----------------------------------------------------
 Reporter:  david     |       Owner:  david
     Type:  task      |      Status:  new  
 Priority:  normal    |   Milestone:  1.0.5
Component:  database  |     Version:  1.0.4
 Severity:  normal    |    Keywords:       
Has_patch:  0         |  
----------------------+-----------------------------------------------------
 The MySQL client library (both libmysql and mysqlnd) won't see the charset
 change, which means injections are possible for certain exotic multi-byte
 character sets like Big5 or GBK. http://bugs.php.net/47802 has more
 details.

 We should force the use of "charset" in the DSN over "SET NAMES", although
 "charset" is ignored on PHP < 5.3.6.

-- 
Ticket URL: <http://trac.agavi.org/ticket/1362>
Agavi <http://www.agavi.org/>
An MVC Framework for PHP5
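
The change the ticket asks for, sketched as an added example (not code from the ticket or from Agavi): a helper that takes a PDO DSN and a list of connection init queries, drops a plain "SET NAMES" query and declares the same charset in the DSN instead. The function name, its parameters and the sample values are hypothetical, and refusing to proceed on PHP < 5.3.6 is this example's own choice.

```php
<?php
// Added example: moveSetNamesToDsn() is a hypothetical helper, not Agavi API.
// It rewrites MySQL connection settings so the charset is declared in the DSN.
function moveSetNamesToDsn($dsn, array $initQueries, $phpVersion = PHP_VERSION)
{
    if (stripos($dsn, 'mysql:') !== 0) {
        return array($dsn, $initQueries); // only MySQL DSNs are affected
    }
    $charset = null;
    $kept = array();
    foreach ($initQueries as $query) {
        if (preg_match('/^\s*SET\s+NAMES\s+[\'"]?(\w+)[\'"]?\s*;?\s*$/i', $query, $m)) {
            $charset = $m[1];          // plain "SET NAMES x": drop it, remember x
        } elseif (preg_match('/^\s*SET\s+NAMES\b/i', $query)) {
            // e.g. a COLLATE clause: refuse rather than silently change behaviour
            throw new InvalidArgumentException("Unsupported SET NAMES form: $query");
        } else {
            $kept[] = $query;
        }
    }
    if ($charset === null) {
        return array($dsn, $kept);
    }
    // Assumption of this example: fail closed where the DSN charset is ignored.
    if (version_compare($phpVersion, '5.3.6', '<')) {
        throw new RuntimeException('DSN "charset" is ignored before PHP 5.3.6');
    }
    if (preg_match('/[:;]\s*charset=([^;]*)/i', $dsn, $m)) {
        if (strcasecmp(trim($m[1]), $charset) !== 0) {
            throw new InvalidArgumentException('DSN charset conflicts with SET NAMES');
        }
        return array($dsn, $kept);
    }
    return array(rtrim($dsn, ';') . ';charset=' . $charset, $kept);
}

// Constructed sample configuration.
list($dsn, $queries) = moveSetNamesToDsn(
    'mysql:host=localhost;dbname=app',
    array("SET NAMES 'gbk'", "SET time_zone = '+00:00'")
);
echo $dsn, PHP_EOL, implode(PHP_EOL, $queries), PHP_EOL;
```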


