[kforge-dev] beta site up: knowledgeforge.net

Rufus Pollock rufus.pollock at okfn.org
Fri Oct 21 20:54:44 UTC 2005

Thanks Nick for this. The trackback is only because we have PythonDebug 
On for development purposes. I should probably turn this off, at least 
in knowledgeforge.net site. Of course this still leaves the issue with 
unescaped characters. Perhaps you would like to open the first ticket :).



PS: i don't think your emails went through to the list because you sent 
them from a non-subscribed email (i think you subscribed with some gmail 
type address). Due to spam all non-subscriber emails are autodiscarded 

Nick Stenning wrote:
> Dear All,
> Just noticed a potentially very nasty bug.
> The people and project search fields are currently being passed in as
> SQL unescaped. So you can cause a traceback by searching for something
> with a single apostrophe in it, and could I imagine also drop
> rows/tables with a bit of SQL.
> This is probably Django's fault but it should probably be fixed soonish!
> Regards,
> Nick

More information about the kforge-dev mailing list