Bug report concerning the signature file

Rob Whisonant · Post by **Rob Whisonant** » Mon Mar 03, 2008 8:36 am

Just a quick bug report.

If you include a ' in a signature file it is not escaped and throws an SQL insert error.

Re's
Rob

Post by **Klemen** » Mon Mar 03, 2008 5:06 pm

Hi,

Hesk should automatically add slashes to all input data

Code: Select all

    if (!ini_get('magic_quotes_gpc'))
    {
        if (!is_array($in))
            $in = addslashes($in);
        else
            $in = hesk_slashArray($in);
    }

Will have a look though and see if I can find the problem. Could you by any chance upload phpinfo file on your server and post the link here so I can check your server config?
http://www.phpjunkyard.com/extras/phpinfo.zip

Rob Whisonant · Post by **Rob Whisonant** » Tue Mar 04, 2008 5:24 am

The problem only happens when you reply to an open ticket. If you un tick add signature file it does not happen and of course the signature is not added.

If you take the ' out of the signature file all works fine.

Re's
Rob

Post by **Klemen** » Tue Mar 04, 2008 9:04 am

Rob,

I can't seem to be able to generate this error on my server, would you please upload phpinfo file to your server so I can see how PHP is configured there:
http://www.phpjunkyard.com/extras/phpinfo.zip

You can either post results here or send them to me in a private message.

Tanks!

Rob Whisonant · Post by **Rob Whisonant** » Tue Mar 04, 2008 9:19 am

Klemen wrote:Rob,

I can't seem to be able to generate this error on my server, would you please upload phpinfo file to your server so I can see how PHP is configured there:
http://www.phpjunkyard.com/extras/phpinfo.zip

You can either post results here or send them to me in a private message.

Tanks!

PM sent.

Re's
Rob

Rob Whisonant · Post by **Rob Whisonant** » Tue Mar 04, 2008 9:29 am

More info.

It seems to only be a problem when you first create a signature file.

If you edit it and add a ', it does change it to \'

Then it works fine.

Re's
Rob

Post by **Klemen** » Tue Mar 04, 2008 3:54 pm

Thanks for the info, you can delete the phpinfo file now. I will have a look today or tomorrow.

Post by **Klemen** » Wed Mar 05, 2008 6:47 pm

Ok, try if this works for you:
http://www.phpjunkyard.com/extras/hesk_slash.zip

Whatever comes out I strongly recommend that you contact your host and demand that they upgrade their PHP, they have a very old version which is both insecure and could also be the reason for the problems you are having.