Groups
Groups
Sign in
Groups
Groups
Gelato CMS
Conversations
About
Send feedback
Help
Settings escaping bug
1 view
Skip to first unread message
HRabbit
unread,
Apr 14, 2008, 2:30:37 AM
4/14/08
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Gelato CMS
It appears that settings that are submitted to the database..
eg. Description:
Seems to ignore cleanup procedures (eg. mysql_escape_string/
stripslahes etc) and as such special characters are passed directly to
the query.
This is apparent when submitting a description with a ' (single quote)
inside it.
Reply all
Reply to author
Forward
0 new messages