Last modified: 2014-08-29 19:15:37 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and kept for historical purposes. It is not possible to log in, and apart from displaying bug reports and their history, links might be broken. See T57427, the corresponding Phabricator task, for complete and up-to-date bug report information.
Bug 55427 - DatabaseMysqlBase::addIdentifierQuotes does not properly escape
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Component: Database
Version: 1.22.0
Hardware: All All
Importance: High normal
Assigned To: Nobody - You can work on this!
Duplicates: 40959
 
Reported: 2013-10-07 17:54 UTC by Tyler Romeo
Modified: 2014-08-29 19:15 UTC
Description Tyler Romeo 2013-10-07 17:54:55 UTC
DatabaseBase::addIdentifierQuotes escapes strings for use as an identifier before quoting them. However, DatabaseMysqlBase::addIdentifierQuotes uses a different type of quote (backticks) because of MySQL behavior.

Despite this, it still applies default escaping. If any database identifiers happen to have bad characters in them (highly unlikely, but a possibility), then it would cause a problem.

This would involve fixing DatabaseMysqlBase to escape the proper characters rather than just calling strencode like it does now.
Comment 1 Gerrit Notification Bot 2013-10-08 18:41:26 UTC
Change 88533 had a related patch set uploaded by BryanDavis:
Escape backticks when quoting MySQL identifiers

https://gerrit.wikimedia.org/r/88533
Comment 2 Gerrit Notification Bot 2013-10-09 22:12:28 UTC
Change 88533 merged by jenkins-bot:
Escape backticks when quoting MySQL identifiers

https://gerrit.wikimedia.org/r/88533
Comment 3 Addshore 2013-11-05 10:48:19 UTC
Is this resolved as the patch is merged?
Comment 4 Alex Monk 2014-08-29 19:15:37 UTC
*** Bug 40959 has been marked as a duplicate of this bug. ***
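
The escaping difference the description points at, as an added example (it is not MediaWiki's code and not the merged patch): string-literal escaping followed by backticks, next to backtick doubling, with a small reader that checks whether each quoted identifier round-trips. `quoteIdentifierBefore`, `quoteIdentifierAfter` and `readQuotedIdentifier` are hypothetical names, `addslashes` is an assumed stand-in for the connection's string escaping, and the sample names are constructed.

```php
<?php
// Added illustration; function names are hypothetical, not MediaWiki code.

// "Before": string-literal escaping, then backticks. addslashes() stands in
// for the connection's string escaping; it never touches a backtick.
function quoteIdentifierBefore(string $name): string {
    return '`' . addslashes($name) . '`';
}

// "After": inside a backtick-quoted identifier the only character that needs
// escaping is the backtick itself, and it is escaped by doubling it.
function quoteIdentifierAfter(string $name): string {
    return '`' . str_replace('`', '``', $name) . '`';
}

// Reads one backtick-quoted identifier the way MySQL delimits it:
// `` is a literal backtick, a backslash is an ordinary character.
// Returns [identifier, text left over after the closing backtick].
function readQuotedIdentifier(string $sql): array {
    if ($sql === '' || $sql[0] !== '`') {
        throw new InvalidArgumentException('not a backtick-quoted identifier');
    }
    $name = '';
    $len = strlen($sql);
    for ($i = 1; $i < $len; $i++) {
        if ($sql[$i] !== '`') {
            $name .= $sql[$i];
        } elseif ($i + 1 < $len && $sql[$i + 1] === '`') {
            $name .= '`';
            $i++; // skip the second backtick of the pair
        } else {
            return [$name, (string)substr($sql, $i + 1)];
        }
    }
    throw new InvalidArgumentException('unterminated identifier');
}

// Constructed sample names; none of them come from the bug report.
foreach (['page_title', "o'brien", 'odd`name'] as $name) {
    foreach (['quoteIdentifierBefore', 'quoteIdentifierAfter'] as $quote) {
        [$parsed, $rest] = readQuotedIdentifier($quote($name));
        $ok = $parsed === $name && $rest === '';
        printf("%-22s %-11s %s\n", $quote, $name,
            $ok ? 'round-trips' : "MISMATCH: parsed [$parsed], left over [$rest]");
    }
}
```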
