Unable to select user, that has ' in it's username

3 views
Skip to first unread message

Alexander Obuhovich

unread,
Mar 13, 2011, 6:56:55 AM3/13/11
to In-Portal Bugs
In-Portal uses formatter classes to transform database values into human readable form and back.

Class kLEFTFormatter in particular is used along with user selectors to convert username selected into ID and back. I've recently discovered, that it doesn't escape value from the form before checking it's presence in database resulting sql error, when username has ' in it.


Ready for testing.
left_formatter_sql_error_when_field_contains_single_quote.patch

Phil

unread,
Mar 13, 2011, 7:39:42 AM3/13/11
to In-Portal Bugs Team
good catch, allready reported here
http://groups.google.com/group/in-portal-bugs/browse_thread/thread/10ecfa8eec614ca/da7c131dfe5b1d1e

and seems related also to
https://groups.google.com/forum/#!topic/in-portal-dev/_zXDBTcrRiw
>  left_formatter_sql_error_when_field_contains_single_quote.patch
> 1KAfficherTélécharger

Alexander Obuhovich

unread,
Mar 13, 2011, 7:48:27 AM3/13/11
to in-port...@googlegroups.com
Thanks. You are right about that one. I've set proper relation between mentioned discussion and my task in issue tracker.



--
You received this message because you are subscribed to the Google Groups "In-Portal Bugs Team" group.
To post to this group, send email to in-port...@googlegroups.com.
To unsubscribe from this group, send email to in-portal-bug...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/in-portal-bugs?hl=en.

Phil -- wbtc.fr --

unread,
Mar 13, 2011, 8:14:51 AM3/13/11
to in-port...@googlegroups.com
thanks, I forgot to do it !

2011/3/13 Alexander Obuhovich <aik....@gmail.com>

Dmitry A.

unread,
Mar 13, 2011, 7:21:00 PM3/13/11
to in-port...@googlegroups.com
A good one!

Cheers!


DA
Reply all
Reply to author
Forward
0 new messages