https://bugzilla.wikimedia.org/show_bug.cgi?id=17332

           Summary: quote mark unprocessed in DatabasePostgres.php
           Product: MediaWiki
           Version: 1.13.2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: Database
        AssignedTo: [email protected]
        ReportedBy: [email protected]


In the file includes\db\DatabasePostgres.php, line 1235:

==============================================================
$ctype = pg_fetch_result($this->doQuery("SHOW lc_ctype"),0,0);

$SQL = "UPDATE mediawiki_version SET mw_version=$mwv, "
        ."pg_version=$pgv, pg_user=$pgu, "
        ."mw_schema = $mws, ts2_schema = $tss, "
        ."pg_port=$pgp, pg_dbname=$dbn, "
        ."ctype = '$ctype' "
        ."WHERE type = 'Creation'";
$this->query($SQL);

==============================================================
When the command "SHOW lc_ctype" returns a string that includes a "'" symbol,
for example: "Chinese_People's Republic of China.936", the SQL fails, because
the "'" symbol is not escaped.


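The failure described in the report, reproduced as an added example (not MediaWiki code and not part of the original message). It assumes PHP with the pdo_sqlite extension; an in-memory SQLite database stands in for PostgreSQL, and the two-column table is constructed for the demonstration.

```php
<?php
// Added example, not MediaWiki code. SQLite (in-memory, via PDO) stands in for
// PostgreSQL so this runs offline; both delimit string literals with ' and
// escape an embedded quote by doubling it.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed one-row table, modelled on the UPDATE in the report.
$db->exec("CREATE TABLE mediawiki_version (type TEXT, ctype TEXT)");
$db->exec("INSERT INTO mediawiki_version (type) VALUES ('Creation')");

// The locale name quoted in the report.
$ctype = "Chinese_People's Republic of China.936";

// 1. Interpolation as in the report: the ' after "People" closes the literal
//    and the remainder of the name is parsed as SQL, so the statement fails.
$sql = "UPDATE mediawiki_version SET ctype = '$ctype' WHERE type = 'Creation'";
try {
    $db->exec($sql);
    echo "interpolated: unexpectedly succeeded\n";
} catch (PDOException $e) {
    echo "interpolated: ", $e->getMessage(), "\n";
}

// 2. Bound parameter: the value travels separately and is never parsed as SQL.
$stmt = $db->prepare(
    "UPDATE mediawiki_version SET ctype = :ctype WHERE type = 'Creation'"
);
$stmt->execute([':ctype' => $ctype]);

// 3. Driver-side quoting, for code that has to build the string itself:
//    quote() adds the delimiters and doubles the embedded quote.
$quoted = $db->quote($ctype);
$db->exec("UPDATE mediawiki_version SET ctype = $quoted WHERE type = 'Creation'");
echo "quoted literal: $quoted\n";

// The stored value must match the original locale name byte for byte.
$stored = $db->query("SELECT ctype FROM mediawiki_version")->fetchColumn();
echo "stored: $stored\n";
var_dump($stored === $ctype);
```

Against PostgreSQL itself, the pgsql extension's pg_query_params() binds the value in the same way as step 2.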