Forum OpenACS Q&A: Problem quoting escaped quotes

Collapse
Posted by Rich Graves on
HTML files containing the string [backslash single-quote single-quote]
can't be inserted into /admin/static/static-syncer-ns-set.tcl

Nor, it seems, can they be inserted into /bboard, which is why the
above reads [backslash single-quote single-quote] rather than the
actual string.

I'm posting this in the forum rather than in SDM because the impact
could well be wider.

I'm running 3.2.4 (tried CVS, but too slow and noticed on cvsweb that
nothing seems to have been committed recently anyway) on a fresh
install with aolserver 3.1 and postgres 7.0.2+subquery patch.

[03/Oct/2000:01:27:10][869.3076][-conn0-] Notice:
ad_check_file_for_sync called with
"/web/server1/www/clubcentral/beta/databinding3.html" and "nsdb3"
[03/Oct/2000:01:27:10][869.3076][-conn0-] Error: Ns_PgExec: result
status: 7 message: ERROR:  parser: parse error at or near "asdf"

[03/Oct/2000:01:27:10][869.3076][-conn0-] Error: dbinit:
error(129.64.8.30:5432:server1,ERROR:  parser: parse error at or near
"asdf"
): 'insert into static_pages (page_id, url_stub, page_title,
page_body)
values (nextval('page_id_sequence'),
'/clubcentral/beta/databinding3.html', 'untitled document at
/clubcentral/beta/databinding3.html', '<HTML><HEAD></HEAD><BODY>

<SCRIPT LANGUAGE="JavaScript">
<!--

document.write(''<A
HREF="javascript:alert([backslash single-quote
single-quote]asdf[backslash single-quote
single-quote])">asdfasdf</A>'');

Collapse
Posted by Rich Graves on
I can't seem to execute arbitrary SQL with this, but perhaps someone more creative can find a way...
Collapse
Posted by Don Baccus on
Backslashes need to be escaped in strings in Postgres, which is non-standard and annoying, but which probably won't change since it dates 'way back into early Postgres history and there are probably too many people who use the feature to change it.

Perhaps the "DoubleApos" routine needs to escape backslashes just as it doubles apostrophes?