The following issue has been RESOLVED. 
====================================================================== 
http://www.dbmail.org/mantis/view.php?id=314 
====================================================================== 
Reported By:                niblettda
Assigned To:                
====================================================================== 
Project:                    DBMail
Issue ID:                   314
Category:                   Database layer
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     resolved
Resolution:                 fixed
Fixed in Version:           SVN Trunk
====================================================================== 
Date Submitted:             15-Mar-06 15:42 CET
Last Modified:              20-Mar-06 09:49 CET
====================================================================== 
Summary:                    Single Quote in Mailbox Name
Description: 
If you allow single quotes as part of the mailbox name in versions that
have the db_nochildren function, it will cause an internal DB error and
crash the IMAP session.

Versions of DBMail before this function have no issue with single-quotes.
The ultimate problem is that in the db_nochildren function the mailbox name
is not escaped before being used in a SQL query.

Attached is a patch to fix the code like most all other DB functions that
use the db_escape_string feature.
====================================================================== 

---------------------------------------------------------------------- 
 aaron - 15-Mar-06 17:38  
---------------------------------------------------------------------- 
Adapted and applied the patch to 2.1.SVN. 

---------------------------------------------------------------------- 
 sayler - 19-Mar-06 19:30  
---------------------------------------------------------------------- 
Attached patch allows single-quotes in mailbox name, escapes the mailbox in
the one place where it was used unquoted in db.c, and provides a test case. 

---------------------------------------------------------------------- 
 paul - 20-Mar-06 09:49  
---------------------------------------------------------------------- 
Patch is merged. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
15-Mar-06 15:42 niblettda      New Issue                                    
15-Mar-06 15:42 niblettda      File Added: single-quote-nochildren.patch
15-Mar-06 15:43 niblettda      Issue Monitored: niblettda                    
15-Mar-06 17:38 aaron          Note Added: 0001040                          
19-Mar-06 19:29 sayler         File Added: patch-2043-quotemailbox
19-Mar-06 19:30 sayler         Note Added: 0001042                          
20-Mar-06 09:49 paul           Note Added: 0001044                          
20-Mar-06 09:49 paul           Status                   new => resolved     
20-Mar-06 09:49 paul           Resolution               open => fixed       
20-Mar-06 09:49 paul           Fixed in Version          => SVN Trunk       
======================================================================
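
The failure described in the report, reproduced as an added example (not DBMail's code and not part of the original report): a child-mailbox lookup built three ways against an in-memory SQLite table. The table, column, query text and all function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mailboxes (name TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO mailboxes VALUES (?)",
                   [("INBOX",), ("Bob's mail",), ("Bob's mail/2006",)])
    return db

def escape_literal(value):
    # Stand-in for an escaping helper: double each single quote (standard SQL).
    return value.replace("'", "''")

def has_children_unescaped(db, mailbox):
    # The defect: the name is pasted into the statement as-is.
    sql = f"SELECT COUNT(*) FROM mailboxes WHERE name LIKE '{mailbox}/%'"
    return db.execute(sql).fetchone()[0] > 0

def has_children_escaped(db, mailbox):
    # The fix described in the report: escape the name before building the query.
    sql = ("SELECT COUNT(*) FROM mailboxes "
           f"WHERE name LIKE '{escape_literal(mailbox)}/%'")
    return db.execute(sql).fetchone()[0] > 0

def has_children_bound(db, mailbox):
    # Alternative: bind the value so it never becomes part of the SQL text.
    sql = "SELECT COUNT(*) FROM mailboxes WHERE name LIKE ?"
    return db.execute(sql, (mailbox + "/%",)).fetchone()[0] > 0

def outcome(lookup, db, mailbox):
    # Turn a failed statement into a visible result instead of a traceback.
    try:
        return lookup(db, mailbox)
    except sqlite3.OperationalError as exc:
        return f"DB error: {exc}"

if __name__ == "__main__":
    db = make_db()
    for fn in (has_children_unescaped, has_children_escaped, has_children_bound):
        for name in ("INBOX", "Bob's mail"):
            print(f"{fn.__name__:24} {name!r:14} -> {outcome(fn, db, name)}")
```

Escaping or binding handles the quote; `%` and `_` inside a mailbox name are still LIKE wildcards in this hypothetical query and would need separate handling.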
