[AppDB] Fix to allow creating of new accounts (urgent)

Tobias Burnus burnus at gmx.de
Wed Jan 5 12:10:11 CST 2005


tony_lambregts at telusplanet.net wrote:
>>> -                              "'$realname', '$email', NOW(), 0, 0)");
>>> +                              "'$realname', '$email', NOW(), 0, 0, 
>>> '$CVSrelease')");
>> Shouldn't one use "'".mysql_escape_string($username)."','" etc.? Or is 
>> it ensured elsewhere that no unwanted characters are in the string? ( 
>> ' is escaped in PHP, isn't it?)
> This is a not a security patch...

True, but shouldn't one try to be secure if one needs to touch such lines?


More information about the wine-devel mailing list