[Webkit-unassigned] [Bug 9854] error interfacing with website's SQL

bugzilla-daemon at opendarwin.org
Tue Jul 11 11:00:20 PDT 2006


http://bugzilla.opendarwin.org/show_bug.cgi?id=9854


ddkilzer at kilzer.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ddkilzer at kilzer.net




------- Comment #1 from ddkilzer at kilzer.net  2006-07-11 11:00 PDT -------
(In reply to comment #0)
> The error message is:
> 
> Submission Failed
> Submission failed for the following reason(s):
> You have an error in your SQL syntax near '"' at line 1
> Query: SELECT username, username_formatted, id, email FROM users WHERE id =
> XXXXX"
> Hit the 'back' button and try your submission again, making changes if
> necessary.

That message is very scary from a security standpoint.  (That has nothing to do
with the issue with Safari, though.)

This bug would probably benefit from some packet analysis using something like
Ethereal or tcpdump.  Compare what Firefox sends to the server when answering
the question with what Safari+WebKit sends.


-- 
Configure bugmail: http://bugzilla.opendarwin.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
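
Added example (not part of the original mail, and not the affected site's code): the quoted error suggests that a request value is pasted into the SQL text and that the failing query is echoed to the browser. The sketch below reproduces that pattern with Python's sqlite3 and a constructed users table, next to a version that binds the id and returns a generic message; the table contents, the function names and the use of SQLite are assumptions.

```python
import logging
import re
import sqlite3

log = logging.getLogger("submission")

# Query text as it appears in the error message quoted in the mail.
QUERY = "SELECT username, username_formatted, id, email FROM users WHERE id = "
GENERIC_ERROR = "Submission failed. Please try again."

def make_db():
    """Constructed in-memory table standing in for the site's users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
               "username_formatted TEXT, email TEXT)")
    db.execute("INSERT INTO users VALUES (12345, 'alice', 'Alice', 'alice@example.org')")
    return db

def lookup_concatenated(db, raw_id):
    """Pattern suggested by the error: the request value becomes part of the
    SQL text, and the database error plus the full query go back to the client."""
    sql = QUERY + raw_id
    try:
        return db.execute(sql).fetchone(), None
    except sqlite3.Error as exc:
        return None, f"Submission failed: {exc}\nQuery: {sql}"

def lookup_bound(db, raw_id):
    """Hardened form: validate the id, bind it as a parameter, and keep the
    diagnostic detail in the server-side log only."""
    if not re.fullmatch(r"[0-9]{1,18}", raw_id):
        log.warning("rejected malformed id %r", raw_id)
        return None, GENERIC_ERROR
    try:
        return db.execute(QUERY + "?", (int(raw_id),)).fetchone(), None
    except sqlite3.Error:
        log.exception("user lookup failed")
        return None, GENERIC_ERROR

if __name__ == "__main__":
    db = make_db()
    # Constructed ids; the second carries a stray trailing quote like the one in the report.
    for value in ('12345', '12345"'):
        print(repr(value), lookup_concatenated(db, value), lookup_bound(db, value))
```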


