Install Drupal, get to the form where you specify DB info. Enter a backslash or single quote into username or somewhere else, hit Submit and that formfield will have added backslashes to that entity. Keep hitting Submit and they will multiply. Found this out when working MS SQL support which can use backslashes for DB host.

CommentFileSizeAuthor
#2 fix_gpc.patch884 bytesRobRoy

Comments

RobRoy’s picture

RobRoy commented

We'll also need to keep in mind the proper writing of entities to the $db_url in settings.php since any backslashes (or single quotes for the sake of example, but I don't think these would/should ever be used) actually DO need to be escaped in that string.

RobRoy’s picture

RobRoy commented
Status: Active » Needs review
StatusFileSize
new fix_gpc.patch884 bytes

chx to the rescue.

Fixed a couple nearby comment punctuation.

drumm’s picture

drumm
he/him
Location NY, US
commented
Status: Needs review » Needs work

I the fix_gpc_magic() call should go closer to where this is actually needed, rather than including more code on bootstrap and defeating the purpose of bootstrap (including only what code is needed).

RobRoy’s picture

RobRoy commented

Okay, someone will have to let me know where that is. I thought the config was only used for the install process, but I guess I was wrong. Where to then, on top of the install.inc? I'm no install expert so let me know. :)

artsiavi’s picture

artsiavi commented
Title: DB install form keeps adding slashes on unsuccessful form submission » database.mssql.inc
Version: 5.x-dev » 6.17
damien tournoud’s picture

damien tournoud commented
Title: database.mssql.inc » DB install form keeps adding slashes on unsuccessful form submission
Version: 6.17 » 5.x-dev
Status: Needs work » Closed (won't fix)