Posted to dev@shindig.apache.org by "Chris Chabot (JIRA)" <ji...@apache.org> on 2008/06/17 15:03:45 UTC

[jira] Resolved: (SHINDIG-389) Person App data is not getting updated

     [ https://issues.apache.org/jira/browse/SHINDIG-389?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chris Chabot resolved SHINDIG-389.
----------------------------------

    Resolution: Fixed
      Assignee: Chris Chabot

Ah the old magic quotes ... Please don't make the same mistake as me and assume that everyone has them turned on :) The proper format is:

if (get_magic_quotes_gpc()) {
	$jsonActivity = stripslashes($jsonActivity);
}

Also please keep in mind that magic quotes in general is the root of all evil ... it doesn't protect you from SQL injection (the very reason for which it was invented) since a cleverly crafted UTF-8 string can still contain quotes, without magic quotes having any idea what's going on ... so in essence magic quotes means you always have to stripslashes() and then do something like a mysqli_real_escape_string() which is charset aware.

Anyhow that rant aside, thanks for catching this! Fix is in svn

> Person App data is not getting updated
> --------------------------------------
>
>                 Key: SHINDIG-389
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-389
>             Project: Shindig
>          Issue Type: Bug
>          Components: RESTful API (PHP)
>         Environment: Windows, Apache
>            Reporter: impetus technologies
>            Assignee: Chris Chabot
>         Attachments: AppDataHandler.php.patch
>
>
> Values coming in $_POST['entry'] or $_GET['entry'] contain '\', which is why they are not proper JSON objects; hence the data is not getting updated. We need to remove the slashes with stripslashes() from $_POST['entry'] or $_GET['entry'].
> Patch file is attached.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
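
Added example, not part of the original message or of Shindig's code: why the stripslashes() call has to be conditional. decodeEntry() and its policy names are hypothetical, the JSON sample is constructed, and addslashes() stands in for the escaping that magic_quotes_gpc applied to request data.

```php
<?php
// Added example (not Shindig code). decodeEntry() and the policy names are
// hypothetical. The magic-quotes state is a parameter so both server
// configurations can be shown in one run; get_magic_quotes_gpc() itself no
// longer exists in PHP 8.
function decodeEntry(string $raw, bool $magicQuotesOn, string $policy = 'conditional')
{
    // 'never'       : the code before the fix (no stripslashes at all)
    // 'always'      : assumes every server has magic quotes turned on
    // 'conditional' : the form given in the message above
    $strip = $policy === 'always' || ($policy === 'conditional' && $magicQuotesOn);
    if ($strip) {
        $raw = stripslashes($raw);
    }
    $decoded = json_decode($raw, true);
    // Fail closed: malformed JSON yields null, never partial data.
    return json_last_error() === JSON_ERROR_NONE ? $decoded : null;
}

// Constructed sample: valid JSON whose string value carries its own escapes.
$json = '{"status":"say \"hi\"\nbye"}';

$cases = [
    // label => [value as the script receives it, magic quotes on?, policy]
    'magic quotes on,  never strip'  => [addslashes($json), true,  'never'],
    'magic quotes on,  conditional'  => [addslashes($json), true,  'conditional'],
    'magic quotes off, always strip' => [$json,             false, 'always'],
    'magic quotes off, conditional'  => [$json,             false, 'conditional'],
];

foreach ($cases as $label => [$raw, $on, $policy]) {
    $result = decodeEntry($raw, $on, $policy);
    printf("%-32s %s\n", $label, $result === null ? 'rejected' : 'decoded');
}
```

Only the two conditional rows decode: never stripping fails on servers with magic quotes on, and always stripping destroys the JSON's own \" and \n escapes on servers with them off.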