[imp] Bug in IMP 2.2.6: Escaped backslash in Preferences/signature

Fritz Zaucker zaucker@ee.ethz.ch
Sun, 5 Aug 2001 19:30:39 +0200 (MET DST)


The patch seems to be working fine for me (running MySQL as DB).

Thanks a lot,
Fritz

On Fri, 3 Aug 2001, Rich Lafferty wrote:

> On Fri, Aug 03, 2001 at 06:43:56PM +0200, Fritz Zaucker (zaucker@ee.ethz.ch) wrote:
> > This behaviour can be verified on the IMP demo site at
> > https://demo.horde.org/stable/horde/imp/
>
> Aha! The demo's using MySQL, and I'm using Postgres, which explains
> why I couldn't reproduce it. So...
>
> > If a backslash is used in Preferences/Signature the backslash is
> > "escaped" with a second backslash upon saving the Preferences.
> >
> > This is done by the call to addslashes() in the file
> > horde/imp/prefs.php3 in line 69:
>
> This part's fine; the problem is that it's done /again/ in
> imp_set_signature in horde/imp/lib/db.mysql (and also for a handful of
> other functions in there). I don't use MySQL at all, though; I'd
> appreciate it if you (Fritz) or another MySQL user could test it for
> me. (The patch is appended below my .signature.)
>
> > If addslashes() is removed from that line, no second backslash is added.
> >
> > The question is if this is safe to do there?
>
> While I realize this isn't what you meant when you asked, we have to
> change db.mysql instead of prefs.php3 because all of the other
> database library files count on imp_set_* being handed sanitized data.
>
> (Oh, and be sure to put magic_quotes_sybase back to 'off' if you
> turned it on.)
>
>   -Rich
>
>

-- 
Dr. Fritz Zaucker, Head IT Support Group
Department of Electrical Engineering,  Federal Institute of Technology
ETZ J97, Gloriastrasse 35, CH-8092 Zurich, Switzerland
Tel.: +41-1-632-5241 Fax: +41-1-632-1194 http://people.ee.ethz.ch/~zaucker/
E-mail: zaucker@ee.ethz.ch (see home page for PGP key)
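
The double escaping discussed in this thread, as an added example that is not part of the original messages or of IMP's code: addslashes() runs once in a form-handling layer and once more in a database layer, and a simplified model of MySQL string-literal decoding shows what ends up stored. The function names and the sample signature are hypothetical, and the example assumes the stored value is shown back in the form on the next edit.

```php
<?php
// Simplified model of how MySQL decodes a quoted string literal (default
// sql_mode): each backslash escape collapses to one character.
// The special handling of \% and \_ is ignored here.
function mysql_literal_decode(string $literal): string
{
    $special = ['0' => "\0", 'n' => "\n", 'r' => "\r", 't' => "\t", 'b' => "\x08", 'Z' => "\x1a"];
    $out = '';
    for ($i = 0, $n = strlen($literal); $i < $n; $i++) {
        if ($literal[$i] === '\\' && $i + 1 < $n) {
            $next = $literal[++$i];
            $out .= $special[$next] ?? $next;   // \\ -> \, \' -> ', \" -> "
        } else {
            $out .= $literal[$i];
        }
    }
    return $out;
}

// Hypothetical stand-ins for the two layers named in the thread.
function prefs_layer(string $formValue): string
{
    return addslashes($formValue);              // escape once for the query
}
function db_layer_buggy(string $value): string
{
    return addslashes($value);                  // escapes already-escaped data
}
function db_layer_fixed(string $value): string
{
    return $value;                              // trusts the caller's escaping
}

// Returns what the column holds after the literal has been parsed.
function save(string $formValue, callable $dbLayer): string
{
    return mysql_literal_decode($dbLayer(prefs_layer($formValue)));
}

$signature = '-- \o/ Sam';                      // constructed sample input

foreach (['buggy' => 'db_layer_buggy', 'fixed' => 'db_layer_fixed'] as $label => $layer) {
    $value = $signature;
    for ($round = 1; $round <= 3; $round++) {
        $value = save($value, $layer);          // user reopens prefs and saves again
        printf("%-5s save %d: %s\n", $label, $round, $value);
    }
}
```

With the second addslashes() in place, the number of backslashes doubles on every save; with escaping done in exactly one layer, the value round-trips unchanged.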