[Vtigercrm-developers] [vtiger-commits] r3875 - /vtigercrm/branches/4.2/include/database/PearDatabase.php

Allan Bush allan.bush+vtiger_dev at gmail.com
Sat Feb 25 08:10:38 PST 2006


I haven't a clue.  If you leave it in, though, systems with magic quotes
turned on get unescaped twice (making putting a \ into a field really
hard).  Frankly, the SQL injection prevention code is an unorganized
mess and I wouldn't trust it to work everywhere as it is.

On 2/24/06, Mike Fedyk <mfedyk at mikefedyk.com> wrote:
> How are systems like SOAP and etc. that don't access vtiger through
> index.php affected by this change?
>
> vtiger-commits at vtiger.fosslabs.com wrote:
>
> >Author: allanbush
> >Date: Tue Feb 21 18:44:59 2006
> >New Revision: 3875
> >
> >Log:
> >removed magic quotes check on input sanitization as magic quotes are removed on all input in the index.php file
> >
> >Modified:
> >    vtigercrm/branches/4.2/include/database/PearDatabase.php
> >
> >Modified: vtigercrm/branches/4.2/include/database/PearDatabase.php
> >==============================================================================
> >--- vtigercrm/branches/4.2/include/database/PearDatabase.php (original)
> >+++ vtigercrm/branches/4.2/include/database/PearDatabase.php Tue Feb 21 18:44:59 2006
> >@@ -747,7 +747,7 @@
> >
> >
> > function quote($string){
> >-      return ADOConnection::qstr($string,get_magic_quotes_gpc());
> >+      return ADOConnection::qstr($string);
> > }
> >
> >
> >
> >
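Review bot: The + line in quote() drops the get_magic_quotes_gpc() argument, so the function is now correct only for input that has already had magic quotes stripped, and the log message places that stripping in index.php alone. Any entry point that reaches quote() without passing through index.php, on a server with magic_quotes_gpc turned on, would hand already-escaped input to qstr() and have it escaped a second time. Suggest moving the stripping into an include shared by every entry point, or at minimum adding a comment on quote() stating that callers must supply unescaped input.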
> >_______________________________________________
> >This vtiger.com email is sponsored by: Zoho Writer. Are you still using your desktop word processor for typing documents? Try the AJAX enabled, collaboration-friendly online word processor, Zoho Writer for FREE instead!
> >http://zohowriter.com/?vt
> >
> >
> >



