[Koha-devel] And finally... bug 662
Chris Cormack
chris at katipo.co.nz
Thu Jan 8 18:27:02 CET 2004
On Thu, Jan 08, 2004 at 05:49:46PM +0000, MJ Ray said:
> I've almost finished committing fixes for bug 662 to the 2.0 branch.
> That's the one with DBI calls using interpolation instead of
> placeholders, which is a common way for user input SQL insertion
> attacks. I think it's a blocker, but Paul hasn't agreed. Can these
> fixes be copied to HEAD/2.1, please?
>
Will do
> I'm assuming that the updater scripts are never run from the web and
> leaving them alone for now. Is that correct?
>
Yep, that's a fair call
> Three comments from the last round of fixes:
> 1. The same code repeated lots is probably an indication that
> something isn't right;
> 2. Helpers like counters of array length can often be done another
> clearer way;
> 3. dbh->quote() is very rarely needed.
>
All true
> Finally, sorry if I broke anything. Since the first problems, I'm
> checking with perl -c as much as possible, but it's not all been
> tested in place yet.
>
No problem, things break during development, that's a given :)
Thanks heaps for all your hard work on this, it's really appreciated.
Chris
--
Chris Cormack Programmer
027 4500 789 Katipo Communications Ltd
chris at katipo.co.nz www.katipo.co.nz
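
The interpolation-versus-placeholder change discussed in this thread, shown as an added example that is not Koha's code or part of the original message. It assumes DBD::SQLite is installed; the table, column names and sample rows are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed in-memory database; table and column names are hypothetical.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE borrowers (cardnumber TEXT, surname TEXT)');
$dbh->do('INSERT INTO borrowers VALUES (?, ?)', undef, @$_)
    for ['1001', 'Smith'], ['1002', "O'Brien"], ['1003', 'Jones'];

# Before: the value is interpolated into the SQL text, so the database
# parses it as part of the statement itself.
sub find_interpolated {
    my ($surname) = @_;
    my $rows = eval {
        $dbh->selectall_arrayref(
            "SELECT cardnumber FROM borrowers WHERE surname = '$surname'");
    };
    return defined $rows ? scalar @$rows : 'SQL error';
}

# After: the statement text is fixed and the value is bound to the ?
# placeholder, so it is only ever compared as data. No quote() call needed.
sub find_placeholder {
    my ($surname) = @_;
    my $sth = $dbh->prepare(
        'SELECT cardnumber FROM borrowers WHERE surname = ?');
    $sth->execute($surname);
    return scalar @{ $sth->fetchall_arrayref };
}

# Constructed inputs: an ordinary name, a name containing a quote, and a
# value that alters the WHERE clause when interpolated.
for my $input ('Smith', "O'Brien", "x' OR '1'='1") {
    printf "%-16s interpolated=%-9s placeholder=%s\n",
        $input, find_interpolated($input), find_placeholder($input);
}
```

The middle input shows that interpolation also breaks on legitimate data, which is a quick way to spot remaining interpolated calls during testing.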