Page 1 of 1
Bug report concerning the signature file
Posted: Mon Mar 03, 2008 8:36 am
by Rob Whisonant
Just a quick bug report.
If you include a ' in a signature file it is not escaped and throws an SQL insert error.
Re's
Rob
Posted: Mon Mar 03, 2008 5:06 pm
by Klemen
Hi,
Hesk should automatically add slashes to all input data
Code: Select all
if (!ini_get('magic_quotes_gpc'))
{
if (!is_array($in))
$in = addslashes($in);
else
$in = hesk_slashArray($in);
}
Will have a look though and see if I can find the problem. Could you by any chance upload phpinfo file on your server and post the link here so I can check your server config?
http://www.phpjunkyard.com/extras/phpinfo.zip
Posted: Tue Mar 04, 2008 5:24 am
by Rob Whisonant
The problem only happens when you reply to an open ticket. If you un tick add signature file it does not happen and of course the signature is not added.
If you take the ' out of the signature file all works fine.
Re's
Rob
Posted: Tue Mar 04, 2008 9:04 am
by Klemen
Rob,
I can't seem to be able to generate this error on my server, would you please upload phpinfo file to your server so I can see how PHP is configured there:
http://www.phpjunkyard.com/extras/phpinfo.zip
You can either post results here or send them to me in a private message.
Tanks!
Posted: Tue Mar 04, 2008 9:19 am
by Rob Whisonant
Klemen wrote:Rob,
I can't seem to be able to generate this error on my server, would you please upload phpinfo file to your server so I can see how PHP is configured there:
http://www.phpjunkyard.com/extras/phpinfo.zip
You can either post results here or send them to me in a private message.
Tanks!
PM sent.
Re's
Rob
Posted: Tue Mar 04, 2008 9:29 am
by Rob Whisonant
More info.
It seems to only be a problem when you first create a signature file.
If you edit it and add a ', it does change it to \'
Then it works fine.
Re's
Rob
Posted: Tue Mar 04, 2008 3:54 pm
by Klemen
Thanks for the info, you can delete the phpinfo file now. I will have a look today or tomorrow.
Posted: Wed Mar 05, 2008 6:47 pm
by Klemen
Ok, try if this works for you:
http://www.phpjunkyard.com/extras/hesk_slash.zip
Whatever comes out I strongly recommend that you contact your host and demand that they upgrade their PHP, they have a very old version which is both insecure and could also be the reason for the problems you are having.