No input saniziting, no error handling on installation

Zugschlus · Post by **Zugschlus** » Sun Feb 05, 2006 7:27 pm

Hi,

when I installed s9y yesterday, I chose "mh-s9y" as database user name and database and table name prefix.

s9y happily accepted these names (while it shouldn't have if "-" is a forbidden character in mySQL table names), and proceeded to issue SQL statements with the broken name. All of them were rejected and caused SQL errors, but s9y continued to issue SQL commands and finally said "success" (error handling either not present or badly broken).

Afterwards, s9y refused to enter configuration state again since it thought it was successfully configured. I had to empty serendipity_config_local.php.inc to be allowed to undo my mistake.

Greetings
Marc

Post by **garvinhicking** » Mon Feb 06, 2006 1:24 pm

Thanks, this is true. We'll work on it.

Regards,
Garvin

Post by **garvinhicking** » Mon Feb 06, 2006 2:21 pm

Testing the DB prefix is technically a bit hard to do and will require temporary table creation. We'll see about this after the 1.0 release.

Regards,
Garvin

No input saniziting, no error handling on installation

No input saniziting, no error handling on installation

Re: No input saniziting, no error handling on installation

Re: No input saniziting, no error handling on installation