[Date Prev][Date Next][Thread Prev][Thread Next][Interchange by date ][Interchange by thread ]

Re: [ic] error in lib/vend/table/dbi.pm?

To: interchange-users@interchange.redhat.com
Subject: Re: [ic] error in lib/vend/table/dbi.pm?
From: racke@linuxia.de (Stefan Hornburg (Racke))
Date: 28 Oct 2001 20:45:45 +0100
In-Reply-To: Frederic Steinfels's message of "Fri, 26 Oct 2001 21:52:22 +0200"
References: <3BD9BEF6.8010901@dvdupgrades.ch>
User-Agent: Gnus/5.0803 (Gnus v5.8.3) XEmacs/21.1 (Capitol Reef)

Frederic Steinfels <fredo@dvdupgrades.ch> writes:

> Hi everybody
> 
> I have just spent two hours finding out why my SQL Query "SHOW COLUMNS 
> FROM pricing" failed. I hope this fix will be implemented in the next 
> release.
> 
> In Interchange 4.8.1 dbi.pm line 1498 there is written
> 
>     $update = 1 if $query !~ /^\s*select\s+/i;
> 
> In order to get those show and explain things to work, you whould write
> 
>     $update = 1 if $query !~ /^\s*(select|show|explain)\s+/i;
> 
> or are there any security issues?

I suppose no one thought of these statements resp. a meaningful use
of these statements within IC. You're supposed to know your database
structure beforehand.

Ciao
        Racke

-- 
Racke happily hacks Interchange and maintains Debian packages like Courier.

For projects and other business stuff please refer to COBOLT NetServices
(URL: http://www.cobolt.net; Email: info@cobolt.net; Phone: 0041-1-3884400)
_______________________________________________
interchange-users mailing list
interchange-users@interchange.redhat.com
http://interchange.redhat.com/mailman/listinfo/interchange-users

References:
- [ic] error in lib/vend/table/dbi.pm?
  - From: Frederic Steinfels <fredo@dvdupgrades.ch>

Prev by Date: [ic] Tax Handling
Next by Date: Re: [ic] table-editor question
Prev by thread: [ic] error in lib/vend/table/dbi.pm?
Next by thread: [ic] Install still (and more) Internal server error...
Index(es):
- Date
- Thread