[kforge-dev] beta site up: knowledgeforge.net

• Previous message: [kforge-dev] beta site up: knowledgeforge.net
• Next message: [kforge-dev] update set of backlog tasks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thanks Nick for this. The trackback is only because we have PythonDebug 
On for development purposes. I should probably turn this off, at least 
in knowledgeforge.net site. Of course this still leaves the issue with 
unescaped characters. Perhaps you would like to open the first ticket :).

Regards,

Rufus

PS: i don't think your emails went through to the list because you sent 
them from a non-subscribed email (i think you subscribed with some gmail 
type address). Due to spam all non-subscriber emails are autodiscarded 
unfortunately.

Nick Stenning wrote:
> Dear All,
> 
> Just noticed a potentially very nasty bug.
> 
> The people and project search fields are currently being passed in as
> SQL unescaped. So you can cause a traceback by searching for something
> with a single apostrophe in it, and could I imagine also drop
> rows/tables with a bit of SQL.
> 
> This is probably Django's fault but it should probably be fixed soonish!
> 
> Regards,
> Nick

• Previous message: [kforge-dev] beta site up: knowledgeforge.net
• Next message: [kforge-dev] update set of backlog tasks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]