[kforge-dev] beta site up: knowledgeforge.net
nickstenning+lists at gmail.com
Sun Nov 6 17:17:12 UTC 2005
Repost of a message I sent to the list from the wrong address, note
that the bug described has, I'm told, been fixed.
---------- Forwarded message ----------
From: Nick Stenning <nick at whiteink.com>
Date: Oct 21, 2005 6:11 PM
Subject: Re: [kforge-dev] beta site up: knowledgeforge.net
To: Rufus Pollock <rufus.pollock at okfn.org>
Cc: John Bywater <john.bywater at appropriatesoftwarefoundation.org>,
KForge Development <kforge-dev at lists.okfn.org>
Just noticed a potentially very nasty bug.
The people and project search fields are currently being passed in as
SQL unescaped. So you can cause a traceback by searching for something
with a single apostrophe in it, and could I imagine also drop
rows/tables with a bit of SQL.
This is probably Django's fault but it should probably be fixed soonish!
More information about the kforge-dev