[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: r1429235 - in /subversion/trunk/tools/hook-scripts: validate-files.conf.example validate-files.py

From: Ben Reser <ben_at_reser.org>
Date: Sat, 5 Jan 2013 16:32:28 -0800

On Sat, Jan 5, 2013 at 11:17 AM, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
> This quoting is insufficient, it's still prone to SQL injections. Since
> this is a problem every user of this script would have to solve, how
> about having the script ensure that $FILE doesn't contain "'"?
> Perhaps make this configurable via a "upon-single-quote = {continue|raise}"
> knob in the config file.

Thanks for the feedback. Switching to environment variables and
letting the shell expand the variables should resolve that.

Done in r1429444
Received on 2013-01-06 01:33:10 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.