https://bugzilla.wikimedia.org/show_bug.cgi?id=55427
Web browser: ---
Bug ID: 55427
Summary: DatabaseMysqlBase::addIdentifierQuotes does not
properly escape
Product: MediaWiki
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: Database
Assignee: [email protected]
Reporter: [email protected]
Classification: Unclassified
Mobile Platform: ---
DatabaseBase::addIdentifierQuotes escapes strings for use as an identifier
before quoting them. However, DatabaseMysqlBase::addIdentifierQuotes uses a
different type of quote (backticks) because of MySQL behavior.
Despite this, it still applies default escaping. If any database identifiers
happen to have bad characters in them (highly unlikely, but a possibility),
then it would cause a problem.
This would involve fixing DatabaseMysqlBase to escape the proper characters
rather than just calling strencode like it does now.
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
