[kforge-dev] beta site up: knowledgeforge.net
Rufus Pollock
rufus.pollock at okfn.org
Fri Oct 21 20:54:44 UTC 2005
Thanks Nick for this. The traceback is only because we have PythonDebug
On for development purposes. I should probably turn this off, at least
on the knowledgeforge.net site. Of course this still leaves the issue with
unescaped characters. Perhaps you would like to open the first ticket :).
Regards,
Rufus
PS: I don't think your emails went through to the list because you sent
them from a non-subscribed email (I think you subscribed with some gmail
type address). Due to spam all non-subscriber emails are autodiscarded
unfortunately.
Nick Stenning wrote:
> Dear All,
>
> Just noticed a potentially very nasty bug.
>
> The people and project search fields are currently being passed in as
> SQL unescaped. So you can cause a traceback by searching for something
> with a single apostrophe in it, and could I imagine also drop
> rows/tables with a bit of SQL.
>
> This is probably Django's fault but it should probably be fixed soonish!
>
> Regards,
> Nick
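The bug Nick describes (a search term spliced unescaped into the SQL text, so a single apostrophe breaks the statement and a crafted term rewrites it) is shown below as an added, self-contained example. It is not KnowledgeForge's or Django's code: the `person` table, the sample rows and the two `search_*` functions are constructed here for illustration, and the vulnerable version is a hypothetical reconstruction of the pattern, not the project's actual query. The parameterized version shows the standard fix: the driver binds the term as a value, so quotes in it never reach the SQL parser.

```python
import sqlite3

# Constructed sample data standing in for the "people" search.
# Not KnowledgeForge's schema; "Bob O'Brien" exists to show a legitimate apostrophe.
PEOPLE = [
    ("alice", "Alice Example"),
    ("bob", "Bob O'Brien"),
    ("carol", "Carol Example"),
]


def make_db():
    """In-memory SQLite database with a small person table (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE person (name TEXT, fullname TEXT)")
    conn.executemany("INSERT INTO person VALUES (?, ?)", PEOPLE)
    return conn


def search_unescaped(conn, term):
    """Vulnerable (hypothetical reconstruction of the reported bug):
    the user-supplied term is concatenated straight into the SQL string."""
    sql = "SELECT name FROM person WHERE fullname LIKE '%" + term + "%'"
    return sorted(row[0] for row in conn.execute(sql))


def search_parameterized(conn, term):
    """Fixed: the term is passed as a bound parameter. The SQL text is fixed,
    so quote characters in the term are data, never syntax."""
    sql = "SELECT name FROM person WHERE fullname LIKE ?"
    return sorted(row[0] for row in conn.execute(sql, ("%" + term + "%",)))


def demo():
    """Run both versions against the same inputs and collect the outcomes."""
    conn = make_db()
    results = {}

    # 1. A lone apostrophe: the unescaped query is malformed, which is the
    #    traceback reported on the list (sqlite3 raises OperationalError).
    try:
        search_unescaped(conn, "'")
        results["apostrophe_unescaped"] = "no error"
    except sqlite3.OperationalError as exc:
        results["apostrophe_unescaped"] = "error: " + str(exc)

    # 2. The same input with binding simply searches for a literal apostrophe.
    results["apostrophe_param"] = search_parameterized(conn, "'")

    # 3. A crafted term closes the quoted pattern and appends an always-true
    #    condition; the concatenated statement becomes
    #    ... LIKE '%nobody%' OR '%' = '%'  and returns every row.
    payload = "nobody%' OR '%' = '"
    results["injected_unescaped"] = search_unescaped(conn, payload)
    results["injected_param"] = search_parameterized(conn, payload)

    # 4. A real name containing an apostrophe works only with binding.
    results["obrien_param"] = search_parameterized(conn, "O'Brien")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Note that Python's `sqlite3` `execute()` refuses to run more than one statement per call, so a stacked `'; DROP TABLE person; --` payload fails through this particular driver; the `OR '%' = '%'` payload above is enough to show that the WHERE clause is attacker-controlled, which is the actual problem. The fix is the same regardless of driver: never build the statement from user input, bind it.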