OK. this morning I created a working security breach using the
ability of to escape things in postgres. (If you're using
unencrypted passwords I can view them, if you're using encrypted I
can only view the encrypted version)
I know about DoubleApos. are there possibly any inserts that don't
use it?
and for a change this small is it still recommended to build a patch
and upload it?
Here is the new DoubleApos function to escape s.
(escaped for pg. if reading in email reduce the s by one half)
proc DoubleApos {string} {
regsub -all ' "$string" '' result1
regsub -all {\} "$result1" {\\} result
return $result
}
