xcvs-loginfo should use mysql_real_escape_string() not mysql_escape_string()

Posted by dww on August 17, 2009 at 9:41pm

Issue Summary

In IRC, merlinofchaos pointed out http://drupal.org/cvs?commit=252248

That used to just have the message:

#545540 by Roger L

Looked like the accented o in his name confused the xcvs-loginfo script. Looking at the code, we're calling mysql_escape_string(). Reading the PHP docs, looks like we really want to be using mysql_real_escape_string() instead, since the later "tak[es] into account the current character set of the connection".

Comments

#1

Posted by dww on August 17, 2009 at 9:45pm

Status:

active

» needs review

Attachment	Size
551766-1.xcvs-mysql_real_escape_string.patch	3.64 KB

#2

Posted by dww on November 25, 2009 at 6:46pm

Status:

needs review

» fixed

Finally committed this to HEAD in anticipation of an official alpha release.

#3

Posted by System Message on December 9, 2009 at 6:50pm

Status:

fixed

» closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Project:	CVS integration
Version:	6.x-1.x-dev
Component:	X-CVS scripts
Category:	bug report
Priority:	normal
Assigned:	dww
Status:	closed (fixed)

xcvs-loginfo should use mysql_real_escape_string() not mysql_escape_string()

Jump to:

Issue Summary

Comments

#1

#2

#3