Settings escaping bug

HRabbit

Apr 14, 2008, 2:30:37 AM
to Gelato CMS
It appears that settings that are submitted to the database..

e.g. Description:

Seems to ignore cleanup procedures (e.g. mysql_escape_string/stripslashes etc.)
and as such special characters are passed directly to the query.

This is apparent when submitting a description with a ' (single quote)
inside it.
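
Added example, not part of the original post and not Gelato CMS's own code: a sketch of the behaviour reported above, showing a settings value with a single quote breaking a string-built query and the same value stored intact through a bound parameter. The `settings` table, its columns and the function names are hypothetical, and an in-memory SQLite database via PDO stands in for MySQL so the script runs offline.

```php
<?php
// Added example: table and column names are hypothetical, not Gelato CMS's schema.
// An in-memory SQLite database stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE settings (name TEXT PRIMARY KEY, val TEXT)');
$db->exec("INSERT INTO settings (name, val) VALUES ('description', '')");

// Constructed sample input: a description containing a single quote.
$description = "Rabbit's tumblelog";

// Unescaped pattern described in the post: the value is pasted into the SQL text.
function saveUnescaped(PDO $db, string $value): string
{
    $sql = "UPDATE settings SET val = '$value' WHERE name = 'description'";
    try {
        $db->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        // The quote ends the string literal early, so the statement no longer parses.
        return 'query failed: ' . $e->getMessage();
    }
}

// Hardened pattern: the value travels as a bound parameter, never as SQL text.
function saveBound(PDO $db, string $value): string
{
    $stmt = $db->prepare('UPDATE settings SET val = :val WHERE name = :name');
    $stmt->execute([':val' => $value, ':name' => 'description']);
    return 'ok';
}

// Read the stored value back to confirm it round-trips unchanged.
function readDescription(PDO $db): string
{
    $stmt = $db->prepare('SELECT val FROM settings WHERE name = :name');
    $stmt->execute([':name' => 'description']);
    return (string) $stmt->fetchColumn();
}

echo 'unescaped: ', saveUnescaped($db, $description), PHP_EOL;
echo 'bound:     ', saveBound($db, $description), PHP_EOL;
echo 'stored:    ', readDescription($db), PHP_EOL;
```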