Gmail import needs to escape full names before db insert
Bug #701570 reported by
Christopher Adams
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| PPL |
Fix Released
|
Critical
|
Bassel Safadi | ||
Bug Description
Full names need to be escaped before insertion into the database, particularly in the eventuality that they contain single quotes, e.g. Tim O'Reilly.
| Changed in ppl: | |
| importance: | Undecided → Critical |
| milestone: | none → 0.2 |
| status: | New → Triaged |
Revision history for this message
| Christopher Adams (christopheradams) wrote | #1 |
| Changed in ppl: | |
| status: | Triaged → In Progress |
Revision history for this message
| Christopher Adams (christopheradams) wrote | #2 |
| Changed in ppl: | |
| assignee: | nobody → Bassel Safadi (bassel) |
| Changed in ppl: | |
| status: | In Progress → Fix Released |
Revision history for this message
| Christopher Adams (christopheradams) wrote | #3 |
To post a comment you must log in.
For Flickr and Twitter contact import, the correct values are achieved by running any usernames that might contain odd characters through mysql_real_
In the case of GMail import, the usernames are grabbed from Google Contacts by the javascript in widget 38 (gmail_head), which posts them as data to import_gmail.php.
In import_gmail.php, I found it necessary to run the names through stripslashes. Otherwise, the names will show up in the database as Tim O\'Reilly, etc.
An additional step might be to run the variables in the javascript through encodeURICompon
Interestingly, pace the Flickr and Twitter import which *need* mysql_real_
Anyone want to add some insight into this?