Using "Assume -R" equal to yes it seems the patch is not applied (I checked the sqlbox.c file after and no occurence of msg_escaped for instance).
Alex where to downloaded the latest version of sqlbox? The one I got was from your website. BTW I try to apply the patch on the original source I have kept (sqlbox-0.7.2.tar.gz) but I got the same error. BR, Emmanuel 2010/6/14 Tomasz <ad...@impexrur.pl> > Hi, > > Try to use -R option with path or press "y" when "Assume -R? [n]" > displays. > > Regards, > Tomasz > > W Twoim liście datowanym 14 czerwca 2010 (11:46:40) można przeczytać: > > > Hello Rene, > > > Trying to patch gw/sqlbox.c I got this error, is it an issue? > > > [r...@kannel gw]# patch -p0 sqlbox.c sql-escape.patch > > patching file sqlbox.c > > patching file sqlbox.c > > Hunk #1 FAILED at 82. > > 1 out of 1 hunk FAILED -- saving rejects to file sqlbox.c.rej > > patching file sqlbox.c > > Reversed (or previously applied) patch detected! Assume -R? [n] n > > Apply anyway? [n] y > > Hunk #1 FAILED at 252. > > Hunk #2 FAILED at 269. > > Hunk #3 FAILED at 375. > > Hunk #4 FAILED at 398. > > 4 out of 4 hunks FAILED -- saving rejects to file sqlbox.c.rej > > [r...@kannel gw]# > > > > > > [r...@kannel gw]# cat sqlbox.c.rej > > Index: sb-config.h.in > > --- sb-config.h.in (revision 28) > > +++ sb-config.h.in (working copy) > > @@ -82,10 +82,6 @@ > > /* Define to 1 if you have the <unistd.h> header file. */ > > #undef HAVE_UNISTD_H > > > -/* Define to the sub-directory in which libtool stores uninstalled > > libraries. > > - */ > > -#undef LT_OBJDIR > > - > > /* Name of package */ > > #undef PACKAGE > > > Index: gw/sqlbox.c > > --- gw/sqlbox.c (revision 28) > > +++ gw/sqlbox.c (working copy) > > @@ -252,7 +252,7 @@ > > static void smsbox_to_bearerbox(void *arg) > > { > > Boxc *conn = arg; > > - Msg *msg; > > + Msg *msg, *msg_escaped; > > > /* remove messages from socket until it is closed */ > > while (sqlbox_status != SQL_DEAD && conn->alive) { > > @@ -269,7 +269,9 @@ > > if (msg_type(msg) == sms) { > > debug("sqlbox", 0, "smsbox_to_bearerbox: sms received"); > > > - gw_sql_save_msg(msg, octstr_imm("MT")); > > + msg_escaped = msg_duplicate(msg); > > + gw_sql_save_msg(msg_escaped, octstr_imm("MT")); > > + msg_destroy(msg_escaped); > > } > > > send_msg(conn->bearerbox_connection, conn, msg); > > @@ -375,7 +377,7 @@ > > > static void bearerbox_to_smsbox(void *arg) > > { > > - Msg *msg; > > + Msg *msg, *msg_escaped; > > Boxc *conn = arg; > > > while (sqlbox_status != SQL_DEAD && conn->alive) { > > @@ -398,10 +400,12 @@ > > break; > > } > > if ((msg_type(msg) == sms) && > > (strcmp(octstr_get_cstr(msg->sms.msgdata),"ACK/") != 0)) { > > + msg_escaped = msg_duplicate(msg); > > if (msg->sms.sms_type != report_mo) > > - gw_sql_save_msg(msg, octstr_imm("MO")); > > + gw_sql_save_msg(msg_escaped, octstr_imm("MO")); > > else > > - gw_sql_save_msg(msg, octstr_imm("DLR")); > > + gw_sql_save_msg(msg_escaped, octstr_imm("DLR")); > > + msg_destroy(msg_escaped); > > } > > send_msg(conn->smsbox_connection, conn, msg); > > msg_destroy(msg); > > [r...@kannel gw]# > > > Regards, > > > Emmanuel > > > > > 2010/6/13 Rene Kluwen <rene.klu...@chimit.nl> > > >> msg_duplicate is the normal function from msg.h. No special meaning. > >> > >> What happens is that gw_sql_save has a side effect. It escapes all text > >> strings with a backslash before the "'" sign because it displays them in > >> the > >> INSERT INTO... statement in the database. > >> When I designed the function I was under the impression that it escaped > the > >> strings in a copy... But apparently it doesn't. > >> > >> What happens in the "old" version is that gw_sql_save_msg escapes the > >> strings inline and later it does a "send_msg(conn->smsbox_connection, > conn, > >> msg)" with the same message... which has a backslash in front of the > "'". > >> > >> By duplicating the message before calling the gw_sql_save_msg, this > >> behavior > >> is eliminated. > >> > >> Someone on the mailinglist (Tomasz) has already confirmed that the > problem > >> has been solved with this patch. > >> > >> == Rene > >> > >> > >> > >> -----Original Message----- > >> From: Alejandro Guerrieri [mailto:aguerri...@kannel.org] > >> Sent: vrijdag 11 juni 2010 23:52 > >> To: Rene Kluwen > >> Cc: 'Tomasz'; 'Kannel list'; de...@kannel.org > >> Subject: Re: [PATCH] RE: Messages with php stripslashes > >> > >> + msg_escaped = msg_duplicate(msg); > >> if (msg->sms.sms_type != report_mo) > >> - gw_sql_save_msg(msg, octstr_imm("MO")); > >> + gw_sql_save_msg(msg_escaped, octstr_imm("MO")); > >> else > >> - gw_sql_save_msg(msg, octstr_imm("DLR")); > >> + gw_sql_save_msg(msg_escaped, octstr_imm("DLR")); > >> + msg_destroy(msg_escaped); > >> > >> and > >> > >> - gw_sql_save_msg(msg, octstr_imm("MT")); > >> + msg_escaped = msg_duplicate(msg); > >> + gw_sql_save_msg(msg_escaped, octstr_imm("MT")); > >> + msg_destroy(msg_escaped); > >> > >> (and other similar lines) > >> > >> You're duplicating the msg to msg_escaped and then running the same > >> gw_sql_save_msg function? What difference does it make? > >> > >> Or maybe msg_duplicate does some escaping magic I'm not aware of? If > >> msg_duplicate does what the name says, I don't see what's changed. > >> > >> Regards, > >> > >> Alex > >> -- > >> Alejandro Guerrieri > >> aguerri...@kannel.org > >> > >> > >> > >> On 11/06/2010, at 23:25, Rene Kluwen wrote: > >> > >> > Sorry for crossposting. But I think the users are allowed to know what > is > >> > going on, even if this is a developers matter. > >> > > >> > I think I found the solution to the problem below, which affects all > >> > smsbox->sqlbox->bearerbox users. > >> > > >> > I must admit: Haven't tested it yet. But it should work. > >> > > >> > See attached patch. Votes? > >> > > >> > > >> > -----Original Message----- > >> > From: users-boun...@kannel.org [mailto:users-boun...@kannel.org] On > >> Behalf > >> > Of Tomasz > >> > Sent: vrijdag 11 juni 2010 15:10 > >> > To: Kannel list > >> > Subject: Re: Messages with php stripslashes > >> > > >> > Hi, > >> > > >> > I've got the same issue - when we send MT message by CGI which > >> > contains ' sign, the recipient gets \' (escaped '). When we inject MT > >> > directly to MySQL Database, recipient get only ' sing (valid!). > >> > > >> > Our configuration is: > >> > > >> > PHP MT PUSH - SMSBOX - SQLBOX - BEARERBOX - SMSC > >> > > >> > The problem is caused probably by SQLBOX - somewhere there must be > >> > some kind of addslashes function. Escaped sign is being delivered to > >> > BEARERBOX. I've tried to find this is source code but I was unable. > >> > > >> > Have someone fixed this problem yet? > >> > > >> > Thanks > >> > Tomasz > >> > > >> > W Twoim liście datowanym 24 maja 2010 (02:05:22) można przeczytać: > >> > > >> >> I have posted some weeks ago a similar issue with sqlbox but it is > not > >> >> resolved for the moment, Alejandro to check on his side to reproduce > the > >> >> issue. > >> > > >> >> Check my post in the mailling list archive to see if it the same > >> problem: > >> > > >> >> Object: *Quote and backslash issue* > >> > > >> >> As you when using CGI interface to send a SMS I got the quote escaped > on > >> > the > >> >> mobile, BUT when using directly SQL injection on sqlbox it works > >> > correctly. > >> > > >> >> Regards, > >> > > >> >> Emmanuel > >> > > >> > > >> > > >> > <sql-escape.patch> > > > -- Emmanuel CHANSON Emmanuel Mobile Nouvelle-Calédonie: +687.77.35.02 Mobile France: +33 (0) 6.68.03.89.56 @email : emmanuelchan...@gmail.com