Fix for BUG #2857758, don't clean() comments before submitting them to setComment...
author    Robert Treat <robert@new-host-2.home>
          Fri, 1 Jan 2010 15:45:11 +0000 (10:45 -0500)
committer Robert Treat <robert@new-host-2.home>
          Fri, 1 Jan 2010 15:45:11 +0000 (10:45 -0500)
commit    12e27672993b47a80eca61ab0bb0174cf2249dd8
tree      67758cb86d7872fd14edcd79c8f8586d61cabb57
parent    185b61947114ddd1f38607086c1afb34ad647379
Fix for BUG #2857758, don't clean() comments before submitting them to setComment. This is somewhat counter-intuitive, but since we clean the comment in setComment itself, cleaning beforehand means we end up with doubly escaped data. We don't really have a good way to prevent this (like a subclassed type or something), so we'll go with this for now. The alternative would have been to not clean() the comments in setComment itself, however that would mean that forgetting to clean() it in the passing function would result in a security exploit (and note we already did not apply this uniformly). I think there is a saying to keep the escaping as close to the db interaction as possible, and this seems to mesh with that idea.
classes/database/Postgres.php
classes/database/Postgres73.php
classes/database/Postgres74.php
classes/database/Postgres80.php
classes/database/Postgres82.php
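The double-escaping problem the commit message describes, and the injection it trades against, as an added PHP illustration that is not phpPgAdmin's own code. The names clean() and setComment() come from the commit message; their bodies here are hypothetical stand-ins (a quote-doubling clean() with a by-reference argument, a setComment() that builds a COMMENT ON statement), as are the class ToyPostgres, the method setCommentNoEscape(), the caller functions and the sample inputs.

```php
<?php
// Added illustration, not phpPgAdmin's own code. clean() and setComment()
// are named in the commit message; the bodies below are hypothetical
// stand-ins that keep only the behaviour the message describes.

class ToyPostgres
{
    // Hypothetical clean(): doubles single quotes so the value can sit
    // inside a PostgreSQL string literal. The by-reference argument and
    // returned value are an assumption about the real helper's shape;
    // production code would use pg_escape_string() on a live connection.
    public function clean(&$str)
    {
        $str = str_replace("'", "''", $str);
        return $str;
    }

    // Escapes at the point of query construction, the rule the commit
    // message settles on: callers must NOT pre-clean the comment.
    public function setComment($type, $name, $comment)
    {
        $this->clean($comment);
        return "COMMENT ON {$type} \"{$name}\" IS '{$comment}'";
    }

    // Counter-example for the alternative the message rejects: escaping
    // left entirely to the caller. Safe only if every caller remembers.
    public function setCommentNoEscape($type, $name, $comment)
    {
        return "COMMENT ON {$type} \"{$name}\" IS '{$comment}'";
    }
}

// The pre-fix pattern: the caller cleans, then setComment cleans again,
// so every quote in the stored comment ends up doubled.
function buggyCaller(ToyPostgres $db, $comment)
{
    $db->clean($comment);
    return $db->setComment('TABLE', 'users', $comment);
}

// The post-fix pattern: the raw value goes straight to setComment.
function fixedCaller(ToyPostgres $db, $comment)
{
    return $db->setComment('TABLE', 'users', $comment);
}

// A caller that forgets clean() against the no-escape variant: the
// comment text breaks out of the literal and becomes SQL.
function forgetfulCaller(ToyPostgres $db, $comment)
{
    return $db->setCommentNoEscape('TABLE', 'users', $comment);
}

$db = new ToyPostgres();

// Constructed sample inputs.
$benign  = "O'Reilly's table";
$hostile = "x'; DROP TABLE users; --";

echo buggyCaller($db, $benign), "\n";      // quotes escaped twice
echo fixedCaller($db, $benign), "\n";      // quotes escaped once
echo fixedCaller($db, $hostile), "\n";     // payload stays inside the literal
echo forgetfulCaller($db, $hostile), "\n"; // payload escapes the literal
```

Run it with `php example.php`. For the benign input, buggyCaller() emits a literal containing `O''''Reilly''''s table`, which the server decodes to `O''Reilly''s table`, while fixedCaller() emits `O''Reilly''s table` and the server stores the original `O'Reilly's table`. With the hostile input, fixedCaller() keeps the payload inside the quoted literal because the embedded quote is doubled, whereas forgetfulCaller() produces a statement in which `DROP TABLE users` is live SQL; that is the failure the message is avoiding by keeping the escaping inside setComment rather than relying on each caller.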