[vtiger-commits] r3875 - /vtigercrm/branches/4.2/include/database/PearDatabase.php


[vtiger-commits] r3875 - /vtigercrm/branches/4.2/include/database/PearDatabase.php

vtiger-commits-2
Author: allanbush
Date: Tue Feb 21 18:44:59 2006
New Revision: 3875

Log:
removed magic quotes check on input sanitization as magic quotes are removed on all input in the index.php file

Modified:
    vtigercrm/branches/4.2/include/database/PearDatabase.php

Modified: vtigercrm/branches/4.2/include/database/PearDatabase.php
==============================================================================
--- vtigercrm/branches/4.2/include/database/PearDatabase.php (original)
+++ vtigercrm/branches/4.2/include/database/PearDatabase.php Tue Feb 21 18:44:59 2006
@@ -747,7 +747,7 @@
 
 
 function quote($string){
- return ADOConnection::qstr($string,get_magic_quotes_gpc());
+ return ADOConnection::qstr($string);
 }
 
 
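Review bot: the `+` line in `quote()` drops the magic-quotes argument, so `qstr()` falls back to its default and treats every value as unescaped, but nothing in the hunk documents or enforces that precondition. The log message says it holds because index.php strips magic quotes from all input. Add a comment on `quote()` stating that it expects raw, unescaped input, and confirm that entry points which do not pass through index.php undo magic quotes the same way; otherwise request input on a host with magic_quotes_gpc enabled is escaped twice and stored with extra backslashes.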


_______________________________________________
This vtiger.com email is sponsored by: Zoho Writer. Are you still using your desktop word processor for typing documents? Try the AJAX enabled, collaboration-friendly online word processor, Zoho Writer for FREE instead!
http://zohowriter.com/?vt 

Re: [vtiger-commits] r3875 - /vtigercrm/branches/4.2/include/database/PearDatabase.php

Mike Fedyk
How are systems like SOAP and etc. that don't access vtiger through
index.php affected by this change?

[hidden email] wrote:

>Author: allanbush
>Date: Tue Feb 21 18:44:59 2006
>New Revision: 3875
>
>Log:
>removed magic quotes check on input sanitization as magic quotes are removed on all input in the index.php file
>
>Modified:
>    vtigercrm/branches/4.2/include/database/PearDatabase.php
>
>Modified: vtigercrm/branches/4.2/include/database/PearDatabase.php
>==============================================================================
>--- vtigercrm/branches/4.2/include/database/PearDatabase.php (original)
>+++ vtigercrm/branches/4.2/include/database/PearDatabase.php Tue Feb 21 18:44:59 2006
>@@ -747,7 +747,7 @@
>
>
> function quote($string){
>- return ADOConnection::qstr($string,get_magic_quotes_gpc());
>+ return ADOConnection::qstr($string);
> }
>
>
>
>

Re: [vtiger-commits] r3875 - /vtigercrm/branches/4.2/include/database/PearDatabase.php

Allan Bush
I haven't a clue.  If you leave it in, though, systems with magic quotes
turned on get unescaped twice (making putting a \ into a field really
hard).  Frankly, the SQL injection prevention code is an unorganized
mess and I wouldn't trust it to work everywhere as it is.

On 2/24/06, Mike Fedyk <[hidden email]> wrote:

> How are systems like SOAP and etc. that don't access vtiger through
> index.php affected by this change?
>
> [hidden email] wrote:
>
> >Author: allanbush
> >Date: Tue Feb 21 18:44:59 2006
> >New Revision: 3875
> >
> >Log:
> >removed magic quotes check on input sanitization as magic quotes are removed on all input in the index.php file
> >
> >Modified:
> >    vtigercrm/branches/4.2/include/database/PearDatabase.php
> >
> >Modified: vtigercrm/branches/4.2/include/database/PearDatabase.php
> >==============================================================================
> >--- vtigercrm/branches/4.2/include/database/PearDatabase.php (original)
> >+++ vtigercrm/branches/4.2/include/database/PearDatabase.php Tue Feb 21 18:44:59 2006
> >@@ -747,7 +747,7 @@
> >
> >
> > function quote($string){
> >-      return ADOConnection::qstr($string,get_magic_quotes_gpc());
> >+      return ADOConnection::qstr($string);
> > }
> >
> >
> >
> >

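The interaction debated in this thread, traced for three kinds of entry point. This is an added example, not vtiger or ADOdb code: `model_qstr()` is a simplified stand-in for a backslash-escaping `qstr()`, magic quotes are emulated with `addslashes()`, and the entry-point names and sample value are assumptions.

```php
<?php
// Added illustration; not vtiger or ADOdb code. All names are hypothetical.
// model_qstr() models a backslash-escaping (MySQL-style) driver only.

function model_qstr($s, $alreadyEscaped = false) {
    // With the flag set, the value is trusted to be escaped already.
    return "'" . ($alreadyEscaped ? $s : addslashes($s)) . "'";
}

// True if the literal body contains a quote that no backslash protects.
function has_bare_quote($body) {
    for ($i = 0, $n = strlen($body); $i < $n; $i++) {
        if ($body[$i] === '\\') { $i++; continue; } // skip the escaped char
        if ($body[$i] === "'") return true;
    }
    return false;
}

// Follow one value from the request to the SQL literal and judge the result.
function trace($raw, $magicOn, $isGpc, $stripped, $passMagicFlag) {
    $v = ($magicOn && $isGpc) ? addslashes($raw) : $raw;  // runtime magic quotes
    if ($magicOn && $stripped) $v = stripslashes($v);      // index.php-style undo
    $lit  = model_qstr($v, $passMagicFlag ? $magicOn : false);
    $body = substr($lit, 1, -1);
    if (has_bare_quote($body)) return 'BROKEN literal (unescaped quote)';
    return stripslashes($body) === $raw ? 'ok' : 'altered: ' . stripslashes($body);
}

$raw = "O'Brien C:\\tmp"; // constructed sample: one quote, one backslash
$paths = array(            // name => array(isGpc, stripped at entry)
    'GPC via index.php'          => array(true,  true),
    'GPC, no stripping'          => array(true,  false),
    'non-GPC data, no stripping' => array(false, false),
);
// true = pass the magic-quotes setting to qstr (old line), false = new line
foreach (array('before r3875' => true, 'after r3875' => false) as $rev => $flag) {
    foreach ($paths as $name => $p) {
        printf("%-13s %-27s %s\n", $rev, $name, trace($raw, true, $p[0], $p[1], $flag));
    }
}
```

With magic quotes on, the old line leaves stripped or non-GPC input unescaped inside the literal, while the new line is only wrong for input that still carries its magic-quote escaping, which it stores with extra backslashes.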