Newsgroups: php.internals
Subject: Recent PostgreSQL serious security hole
From: Christopher Kings-Lynne <chris.kings-lynne@calorieking.com>
Date: Fri, 26 May 2006 17:09:21 +0800
Message-ID: <4476C5C1.9080704@calorieking.com>
In-Reply-To: <7.0.1.0.2.20060526120130.03c51060@zend.com>
References: <138663365.20060514205903@marcus-boerger.de> <038d01c676f8$ab9b3380$6602a8c0@foxbox> <44685D24.2000801@php.net> <1147708994.14148.23.camel@notebook.local> <16710545416.20060515202714@marcus-boerger.de> <1147721541.14148.47.camel@notebook.local> <4468DB43.1020005@emini.dk> <7.0.1.0.2.20060515194051.02b32ef8@zend.com> <1148496966.19173.79.camel@notebook.local> <454303585.20060524213714@marcus-boerger.de> <44765279.8000601@akbkhome.com> <7.0.1.0.2.20060526040633.086814a0@zend.com> <4476608C.6070503@akbkhome.com> <7.0.1.0.2.20060526050422.08680c20@zend.com> <1376291629.20060526040801@marcus-boerger.de> <7.0.1.0.2.20060526120130.03c51060@zend.com>

Hi,

I'm starting on a pg_real_escape_string and pg_real_escape_bytea function for PostgreSQL, based on this security release:

http://www.postgresql.org/docs/techdocs.49

Is anyone else working on it, or is it fine that I do it? I'll let you know if it's going to take me too long.

Basically the new functions are analogous to the mysql_real_escape_string function. The difference will be that the pgsql function will have the optional DB connection resource as the first parameter rather than the second. (Same as other pgsql functions.)

Any comments?

There may be cause to backport these functions ... although the existing pg_escape_string function is safe in a single threaded context. That's your guys' call.

Chris
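The reason the proposed function takes the connection resource, like mysql_real_escape_string does, is that the escaper has to know the connection's client encoding. The advisory the mail links to concerns client encodings in which a multibyte character may end in byte 0x5C (backslash): an escaper that works byte by byte and turns ' into \' can leave the backslash absorbed into a multibyte character, so the quote that follows closes the literal early. The following Python model is an added example and is not code from this thread, from PHP's pgsql extension or from PostgreSQL: the attacker payloads, the "naive" escaper and the toy lexer are all constructed here to show the mechanism, with Shift_JIS chosen because 0x95 0x5C is the well-known character U+8868 whose trailing byte is a backslash. Python is used rather than PHP because the point is the escaping logic, not the PHP API.

```python
# Added example, not from the PHP thread or PostgreSQL. Models the multibyte
# escaping issue: an escaper that does not know the connection's encoding
# cannot tell a lone lead byte from the start of a real character.

# Constructed inputs (not from any real exploit):
ASCII = b"' OR 1=1 --"                # plain ASCII injection attempt
PAYLOAD = b"\x95' OR 1=1 --"          # SJIS lead byte 0x95, then a quote
LEGIT = b"\x95\x5c' OR 1=1 --"        # real SJIS char U+8868 (0x95 0x5C), then a quote


def naive_escape(data: bytes) -> bytes:
    """Byte-oriented backslash escaping with no knowledge of the client
    encoding: doubles backslashes and turns ' into \\'."""
    return data.replace(b"\\", b"\\\\").replace(b"'", b"\\'")


def encoding_aware_escape(data: bytes, encoding: str):
    """What a connection-aware escaper has to do: validate the bytes as the
    connection's encoding first, then escape whole characters, doubling
    quotes rather than backslash-escaping them. Returns None for input that
    is not valid in that encoding, since a truncated multibyte sequence is
    exactly what the attack relies on."""
    try:
        text = data.decode(encoding)
    except UnicodeDecodeError:
        return None
    return text.replace("\\", "\\\\").replace("'", "''").encode(encoding)


def lex_literal(escaped: bytes, encoding: str):
    """Toy model of an encoding-aware SQL lexer reading the literal
    '<escaped>'. It walks characters, not bytes; a backslash escapes the
    next character and '' is an embedded quote. Returns
    (literal_body, trailing_text): trailing_text is what a prematurely
    closed literal hands back to the SQL parser."""
    text = (b"'" + escaped + b"'").decode(encoding)
    body, i = [], 1
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            body.append(text[i + 1])
            i += 2
        elif ch == "'" and i + 1 < len(text) and text[i + 1] == "'":
            body.append("'")
            i += 2
        elif ch == "'":
            return "".join(body), text[i + 1:]
        else:
            body.append(ch)
            i += 1
    raise ValueError("unterminated literal")


def injected(escaped: bytes, encoding: str) -> bool:
    """True when the escaped value closes the literal early, i.e. when
    anything other than whitespace is left over for the parser."""
    return lex_literal(escaped, encoding)[1].strip() != ""


if __name__ == "__main__":
    for label, data in (("ascii", ASCII), ("lead byte + quote", PAYLOAD),
                        ("real sjis char + quote", LEGIT)):
        print(f"{label:24s} naive: injected={injected(naive_escape(data), 'shift_jis')}")
        safe = encoding_aware_escape(data, "shift_jis")
        if safe is None:
            print(f"{label:24s} aware: rejected as invalid Shift_JIS")
        else:
            print(f"{label:24s} aware: injected={injected(safe, 'shift_jis')}")
```

For pure ASCII the naive escaper is fine, which is why the bug goes unnoticed on UTF-8 or LATIN1 connections. With a Shift_JIS connection, the bare lead byte in PAYLOAD swallows the backslash that the naive escaper inserted, and the following quote terminates the literal; the encoding-aware version refuses the invalid byte sequence instead. LEGIT shows the other half of the problem: the naive escaper also mangles genuine Shift_JIS text whose trailing byte is 0x5C, while escaping on decoded characters with doubled quotes keeps the whole value inside the literal.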