Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

request #12828: Default wiki page names must be escaped before being used in a SQL query

Download Browse

Otherwise the DB is not able to encode the strings correctly and warnings or errors might happen when executing the queries. Even without encoding issues related to the character set being used, any inputs should not be blindly concatened into a SQL query. In a case where defaults are applied to the DB (a standard dev instance for example) this contribution does not change anything functionally. In other cases it prevents the impacted SQL queries failures. Change-Id: Ie6b16efb48847ecca9985c2a9f1a51b0d9251dcb

+25 −13
Thomas Gerbet (tgerbet) 2019-01-24 12:01
Thomas Gerbet (tgerbet) 2019-01-24 12:13
b391772fb9b433223cf9234d5371919090efcca0
de96dc880af35982fbaf734f672efa9a6d256f9a
git #tuleap/stable/b391772fb9b433223cf9234d5371919090efcca0

Modified Files

Side by side diff
Inline diff
Name
M src/common/wiki/lib/Wiki.class.php +6 −3 Go to diff View file
M src/common/wiki/lib/WikiPage.class.php +19 −10 Go to diff View file