Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:23777
Return-Path: <lsmith@php.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 75709 invoked by uid 1010); 29 May 2006 21:13:28 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 75694 invoked from network); 29 May 2006 21:13:28 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 29 May 2006 21:13:28 -0000
X-PHP-List-Original-Sender: lsmith@php.net
X-Host-Fingerprint: 212.112.227.169 ipx11223.ipxserver.de Linux 2.5 (sometimes 2.4) (4)
Received: from ([212.112.227.169:49083] helo=ipx11223.ipxserver.de)
	by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP
	id AE/40-04939-6F36B744 for <internals@lists.php.net>; Mon, 29 May 2006 17:13:26 -0400
Received: from localhost (localhost [127.0.0.1])
	by ipx11223.ipxserver.de (Postfix) with ESMTP
	id 4CFD3DF00B3; Mon, 29 May 2006 23:14:39 +0200 (CEST)
Received: from ipx11223.ipxserver.de ([127.0.0.1])
	by localhost (ipx11223 [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
	id 19598-08; Mon, 29 May 2006 23:14:31 +0200 (CEST)
Received: from [127.0.0.1] (i577B4D54.versanet.de [87.123.77.84])
	by ipx11223.ipxserver.de (Postfix) with ESMTP
	id 97BDBDF0004; Mon, 29 May 2006 23:14:30 +0200 (CEST)
Message-ID: <447B63E7.9090101@php.net>
Date: Mon, 29 May 2006 23:13:11 +0200
User-Agent: Thunderbird 1.5.0.2 (Windows/20060308)
MIME-Version: 1.0
To: Marcus Boerger <helly@php.net>
Cc: Christopher Kings-Lynne <chriskl@familyhealth.com.au>,
	internals@lists.php.net
References: <138663365.20060514205903@marcus-boerger.de> <038d01c676f8$ab9b3380$6602a8c0@foxbox> <44685D24.2000801@php.net> <1147708994.14148.23.camel@notebook.local> <16710545416.20060515202714@marcus-boerger.de> <1147721541.14148.47.camel@notebook.local> <4468DB43.1020005@emini.dk> <7.0.1.0.2.20060515194051.02b32ef8@zend.com> <1148496966.19173.79.camel@notebook.local> <454303585.20060524213714@marcus-boerger.de> <B9.57.17316.F4995744@pb1.pair.com> <44765279.8000601@akbkhome.com> <7.0.1.0.2.20060526040633.086814a0@zend.com> <4476608C.6070503@akbkhome.com> <7.0.1.0.2.20060526050422.08680c20@zend.com> <1376291629.20060526040801@marcus-boerger.de> <7.0.1.0.2.20060526120130.03c51060@zend.com> <4476C5C1.9080704@calorieking.com> <447A8E91.2030600@familyhealth.com.au> <1212468663.20060529225729@marcus-boerger.de>
In-Reply-To: <1212468663.20060529225729@marcus-boerger.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by somedaemon at backendmedia.com
Subject: Re: [PHP-DEV] Recent PostgreSQL serious security hole
From: lsmith@php.net (Lukas Smith)

Marcus Boerger wrote:

>> As a follow up I've attached my initial patch for this.  Can people 
>> please review?

Without having looked at the implementation:
Does this implementation also deal with changes in the client encoding?

http://ilia.ws/archives/103-mysql_real_escape_string-versus-Prepared-Statements.html

This might require hooking into pg_client_encoding() ..

AFAIK this is what will happen in mysqli ..

regards,
Lukas