[ic] error in lib/vend/table/dbi.pm?
Stefan Hornburg Racke
interchange-users@interchange.redhat.com
Sun Oct 28 14:48:04 2001
Frederic Steinfels <fredo@dvdupgrades.ch> writes:
> Hi everybody
>
> I have just spent two hours finding out why my SQL Query "SHOW COLUMNS
> FROM pricing" failed. I hope this fix will be implemented in the next
> release.
>
> In Interchange 4.8.1 dbi.pm line 1498 there is written
>
> $update = 1 if $query !~ /^\s*select\s+/i;
>
> In order to get those show and explain things to work, you whould write
>
> $update = 1 if $query !~ /^\s*(select|show|explain)\s+/i;
>
> or are there any security issues?
I suppose no one thought of these statements resp. a meaningful use
of these statements within IC. You're supposed to know your database
structure beforehand.
Ciao
Racke
--
Racke happily hacks Interchange and maintains Debian packages like Courier.
For projects and other business stuff please refer to COBOLT NetServices
(URL: http://www.cobolt.net; Email: info@cobolt.net; Phone: 0041-1-3884400)