Re: svn commit: r1429235 - in /subversion/trunk/tools/hook-scripts: validate-files.conf.example validate-files.py

From: Ben Reser <ben_at_reser.org>
Date: Sat, 5 Jan 2013 16:32:28 -0800

On Sat, Jan 5, 2013 at 11:17 AM, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
> This quoting is insufficient, it's still prone to SQL injections. Since
> this is a problem every user of this script would have to solve, how
> about having the script ensure that $FILE doesn't contain "'"?
>
> Perhaps make this configurable via a "upon-single-quote = {continue|raise}"
> knob in the config file.

Thanks for the feedback. Switching to environment variables and
letting the shell expand the variables should resolve that.

Done in r1429444
Received on 2013-01-06 01:33:10 CET

This message: [ Message body ]
Next message: Daniel Shahaf: "Re: [RFC] Deprecate Berkelety DB filesystem backend"
Previous message: Branko Čibej: "Re: [RFC] Deprecate Berkelety DB filesystem backend"
In reply to: Daniel Shahaf: "Re: svn commit: r1429235 - in /subversion/trunk/tools/hook-scripts: validate-files.conf.example validate-files.py"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]