mirror of
https://we.phorge.it/source/phorge.git
synced 2025-01-08 22:01:03 +01:00
No description
ff2b58dab7
Summary: MySQL doesn't treat `\` as escaping character in ##``##. This isn't probably SQL injection hole because I've found no calls of this method with user input. But better safe than sorry. See also [[http://dev.mysql.com/doc/refman/5.1/en/server-sql-mode.html#sqlmode_no_backslash_escapes | NO_BACKSLASH_ESCAPES]]. Test Plan: lang=sql SELECT `a\`b`; -- Throws: Syntax error near '`'. -- Should throw: Unknown column 'a`b'. Reviewers: epriestley Reviewed By: epriestley CC: aran Differential Revision: https://secure.phabricator.com/D2109 |
||
|---|---|---|
| bin | ||
| conf | ||
| externals | ||
| resources | ||
| scripts | ||
| src | ||
| support/aphlict | ||
| webroot | ||
| .arcconfig | ||
| .divinerconfig | ||
| .gitignore | ||
| .gitmodules | ||
| README | ||
Phabricator is a open source collection of web applications which make it easier to write, review, and share source code. Phabricator was developed at Facebook. This is an early release. It's pretty high-quality and usable, but under active development so things may change quickly. You can learn more about the project and find links to documentation and resources at: http://phabricator.org/ LICENSE Phabricator is released under the Apache 2.0 license except as otherwise noted. http://www.apache.org/licenses/LICENSE-2.0