Hello Rene, Trying to patch gw/sqlbox.c I got this error, is it an issue?
[r...@kannel gw]# patch -p0 sqlbox.c sql-escape.patch patching file sqlbox.c patching file sqlbox.c Hunk #1 FAILED at 82. 1 out of 1 hunk FAILED -- saving rejects to file sqlbox.c.rej patching file sqlbox.c Reversed (or previously applied) patch detected! Assume -R? [n] n Apply anyway? [n] y Hunk #1 FAILED at 252. Hunk #2 FAILED at 269. Hunk #3 FAILED at 375. Hunk #4 FAILED at 398. 4 out of 4 hunks FAILED -- saving rejects to file sqlbox.c.rej [r...@kannel gw]# [r...@kannel gw]# cat sqlbox.c.rej Index: sb-config.h.in --- sb-config.h.in (revision 28) +++ sb-config.h.in (working copy) @@ -82,10 +82,6 @@ /* Define to 1 if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ -#undef LT_OBJDIR - /* Name of package */ #undef PACKAGE Index: gw/sqlbox.c --- gw/sqlbox.c (revision 28) +++ gw/sqlbox.c (working copy) @@ -252,7 +252,7 @@ static void smsbox_to_bearerbox(void *arg) { Boxc *conn = arg; - Msg *msg; + Msg *msg, *msg_escaped; /* remove messages from socket until it is closed */ while (sqlbox_status != SQL_DEAD && conn->alive) { @@ -269,7 +269,9 @@ if (msg_type(msg) == sms) { debug("sqlbox", 0, "smsbox_to_bearerbox: sms received"); - gw_sql_save_msg(msg, octstr_imm("MT")); + msg_escaped = msg_duplicate(msg); + gw_sql_save_msg(msg_escaped, octstr_imm("MT")); + msg_destroy(msg_escaped); } send_msg(conn->bearerbox_connection, conn, msg); @@ -375,7 +377,7 @@ static void bearerbox_to_smsbox(void *arg) { - Msg *msg; + Msg *msg, *msg_escaped; Boxc *conn = arg; while (sqlbox_status != SQL_DEAD && conn->alive) { @@ -398,10 +400,12 @@ break; } if ((msg_type(msg) == sms) && (strcmp(octstr_get_cstr(msg->sms.msgdata),"ACK/") != 0)) { + msg_escaped = msg_duplicate(msg); if (msg->sms.sms_type != report_mo) - gw_sql_save_msg(msg, octstr_imm("MO")); + gw_sql_save_msg(msg_escaped, octstr_imm("MO")); else - gw_sql_save_msg(msg, octstr_imm("DLR")); + gw_sql_save_msg(msg_escaped, octstr_imm("DLR")); + msg_destroy(msg_escaped); } send_msg(conn->smsbox_connection, conn, msg); msg_destroy(msg); [r...@kannel gw]# Regards, Emmanuel 2010/6/13 Rene Kluwen <rene.klu...@chimit.nl> > msg_duplicate is the normal function from msg.h. No special meaning. > > What happens is that gw_sql_save has a side effect. It escapes all text > strings with a backslash before the "'" sign because it displays them in > the > INSERT INTO... statement in the database. > When I designed the function I was under the impression that it escaped the > strings in a copy... But apparently it doesn't. > > What happens in the "old" version is that gw_sql_save_msg escapes the > strings inline and later it does a "send_msg(conn->smsbox_connection, conn, > msg)" with the same message... which has a backslash in front of the "'". > > By duplicating the message before calling the gw_sql_save_msg, this > behavior > is eliminated. > > Someone on the mailinglist (Tomasz) has already confirmed that the problem > has been solved with this patch. > > == Rene > > > > -----Original Message----- > From: Alejandro Guerrieri [mailto:aguerri...@kannel.org] > Sent: vrijdag 11 juni 2010 23:52 > To: Rene Kluwen > Cc: 'Tomasz'; 'Kannel list'; de...@kannel.org > Subject: Re: [PATCH] RE: Messages with php stripslashes > > + msg_escaped = msg_duplicate(msg); > if (msg->sms.sms_type != report_mo) > - gw_sql_save_msg(msg, octstr_imm("MO")); > + gw_sql_save_msg(msg_escaped, octstr_imm("MO")); > else > - gw_sql_save_msg(msg, octstr_imm("DLR")); > + gw_sql_save_msg(msg_escaped, octstr_imm("DLR")); > + msg_destroy(msg_escaped); > > and > > - gw_sql_save_msg(msg, octstr_imm("MT")); > + msg_escaped = msg_duplicate(msg); > + gw_sql_save_msg(msg_escaped, octstr_imm("MT")); > + msg_destroy(msg_escaped); > > (and other similar lines) > > You're duplicating the msg to msg_escaped and then running the same > gw_sql_save_msg function? What difference does it make? > > Or maybe msg_duplicate does some escaping magic I'm not aware of? If > msg_duplicate does what the name says, I don't see what's changed. > > Regards, > > Alex > -- > Alejandro Guerrieri > aguerri...@kannel.org > > > > On 11/06/2010, at 23:25, Rene Kluwen wrote: > > > Sorry for crossposting. But I think the users are allowed to know what is > > going on, even if this is a developers matter. > > > > I think I found the solution to the problem below, which affects all > > smsbox->sqlbox->bearerbox users. > > > > I must admit: Haven't tested it yet. But it should work. > > > > See attached patch. Votes? > > > > > > -----Original Message----- > > From: users-boun...@kannel.org [mailto:users-boun...@kannel.org] On > Behalf > > Of Tomasz > > Sent: vrijdag 11 juni 2010 15:10 > > To: Kannel list > > Subject: Re: Messages with php stripslashes > > > > Hi, > > > > I've got the same issue - when we send MT message by CGI which > > contains ' sign, the recipient gets \' (escaped '). When we inject MT > > directly to MySQL Database, recipient get only ' sing (valid!). > > > > Our configuration is: > > > > PHP MT PUSH - SMSBOX - SQLBOX - BEARERBOX - SMSC > > > > The problem is caused probably by SQLBOX - somewhere there must be > > some kind of addslashes function. Escaped sign is being delivered to > > BEARERBOX. I've tried to find this is source code but I was unable. > > > > Have someone fixed this problem yet? > > > > Thanks > > Tomasz > > > > W Twoim liście datowanym 24 maja 2010 (02:05:22) można przeczytać: > > > >> I have posted some weeks ago a similar issue with sqlbox but it is not > >> resolved for the moment, Alejandro to check on his side to reproduce the > >> issue. > > > >> Check my post in the mailling list archive to see if it the same > problem: > > > >> Object: *Quote and backslash issue* > > > >> As you when using CGI interface to send a SMS I got the quote escaped on > > the > >> mobile, BUT when using directly SQL injection on sqlbox it works > > correctly. > > > >> Regards, > > > >> Emmanuel > > > > > > > > <sql-escape.patch> > > > > > -- Emmanuel CHANSON Emmanuel Mobile Nouvelle-Calédonie: +687.77.35.02 Mobile France: +33 (0) 6.68.03.89.56 @email : emmanuelchan...@gmail.com