Hi Axel, the second part of the patch that adds userfield to the alphanumeric values is not part of the SQL injection fix.
To be precise, these are two different vulnerabilities: the SQL injection, and this part of the patch fixes an XSS flaw that got CVE-2008-2553 assigned. Please also reference this CVE id in the changelog.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.