xcvs-loginfo should use mysql_real_escape_string() not mysql_escape_string()
dww - August 17, 2009 - 21:41
| Project: | CVS integration |
| Version: | 6.x-1.x-dev |
| Component: | X-CVS scripts |
| Category: | bug report |
| Priority: | normal |
| Assigned: | dww |
| Status: | fixed |
Description
In IRC, merlinofchaos pointed out http://drupal.org/cvs?commit=252248
That used to just have the message:
#545540 by Roger LLooked like the accented o in his name confused the xcvs-loginfo script. Looking at the code, we're calling mysql_escape_string(). Reading the PHP docs, looks like we really want to be using mysql_real_escape_string() instead, since the later "tak[es] into account the current character set of the connection".
#1
#2
Finally committed this to HEAD in anticipation of an official alpha release.