[AppDB] Fix to allow creating of new accounts (urgent)
tony_lambregts at telusplanet.net
tony_lambregts at telusplanet.net
Wed Jan 5 20:17:47 CST 2005
Tobias Burnus wrote:
> Hello,
>
> tony_lambregts at telusplanet.net wrote:
>
>>>> - "'$realname', '$email', NOW(), 0, 0)");
>>>> + "'$realname', '$email', NOW(), 0, 0,
>>>> '$CVSrelease')");
>>>
>>>
>>> Shouldn't one use "'".mysql_escape_string($username)."','" etc.? Or
>>> is it ensured elsewhere that no unwanted characters are in the
>>> string? ( ' is escaped in PHP, isn't it?)
>>
>> This is a not a security patch...
>
>
> True, but shouldn't one try to be secure if one needs to touch such lines?
>
> Tobias
>
>
>
I admit it I am an idiot for not knowing what to do to fix security flaws.
More information about the wine-devel
mailing list