From: Christof Petig
Subject: Re: [Monotone-devel] [PATCH] New typesafe VA_ARGS replacement for database with operator % style
Date: Wed, 25 Jan 2006 08:53:32 +0100
User-agent: Mail/News 1.5 (X11/20060119)

Glen Ditchfield wrote:
> But does that ensure that the right thing will happen if the parameter has a 
> single quote in it?
> 
> By the way, here is what monotone 0.23 on SuSE 9.2 does in one case:
>   [~]$ monotone ls certs a:o\'toole
>   monotone: expanding selection 'a:o'toole'
>   monotone: error: sqlite error: 1: near "toole": syntax error
>   monotone: error: make sure database and containing directory are writeable

I do not trust the string mangling done in the selector code! A rewrite
to use query parameters would be a good idea. But that's not my cup of
tea (trying to port cvssync to rosters). I can confirm that different
parts are indeed sql injection proof.

   Christof
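The two lookups below are an added example, not code from monotone or from either poster. They put the string-splicing pattern Christof distrusts next to the bound-parameter version he suggests, run against SQLite through Python's standard sqlite3 module. The `certs` table and the author values (including `o'toole` from Glen's transcript) are constructed for the illustration and do not reflect monotone's real schema.

```python
import sqlite3

# Constructed sample data (not monotone's schema): a few author certs,
# standing in for the values an "a:" selector would be matched against.
SAMPLE_AUTHORS = ["o'toole", "glen", "christof"]


def make_db():
    """Build an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE certs (id INTEGER PRIMARY KEY, name TEXT, value TEXT)"
    )
    conn.executemany(
        "INSERT INTO certs (name, value) VALUES ('author', ?)",
        [(a,) for a in SAMPLE_AUTHORS],
    )
    conn.commit()
    return conn


def lookup_concat(conn, author):
    """String splicing: the selector value is pasted into the SQL text.

    A single quote inside the value closes the literal early, so SQLite
    sees 'o' followed by the stray token toole and reports
    'near "toole": syntax error', the failure shown in the quoted session.
    Returns ("ok", rows) or ("error", message).
    """
    sql = (
        "SELECT value FROM certs WHERE name = 'author' AND value = '"
        + author
        + "'"
    )
    try:
        rows = [r[0] for r in conn.execute(sql)]
        return ("ok", rows)
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))


def lookup_param(conn, author):
    """Bound query parameter: the value travels to the engine separately
    from the SQL text, so quote characters are plain data and cannot
    change the shape of the statement. No escaping step is needed.
    """
    sql = "SELECT value FROM certs WHERE name = 'author' AND value = ?"
    rows = [r[0] for r in conn.execute(sql, (author,))]
    return ("ok", rows)


if __name__ == "__main__":
    db = make_db()
    for name in ["glen", "o'toole"]:
        print("concat:", name, "->", lookup_concat(db, name))
        print("param: ", name, "->", lookup_param(db, name))
```

Run stand-alone, the concatenated lookup succeeds for `glen` and fails with the syntax error for `o'toole`, while the parameterised lookup returns the matching row for both. The point for the selector code is that binding removes the need to reason about which characters the mangling step must handle: the database driver never parses the value as SQL at all.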

