View Issue Details

ID: 0006236
Project: mantisbt
Category: db postgresql
View Status: public
Last Update: 2014-05-16 15:02
Reporter: vboctor
Assigned To: grangeway
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.0.0rc1
Fixed in Version: 1.2.0a2
Summary: 0006236: Escaping error in PostgreSQL
Description

There is an error in the core/database_api.php when you use postgres sql.

line 300 is: return pg_escape_string( $p_string ); but it must be: return pg_escape_bytea( $p_string ); otherwise all files will be corrupt after upload.

Heike

Additional Information

This error was reported by Heike on the File Uploads page in the manual:
http://manual.mantisbt.org/manual.configuration.file.upload.php

Tags: No tags attached.

Relationships

related to 0011013 (closed, grangeway): ticket 6236 should be reopen.

Activities

flabrie

2006-07-03 21:25

reporter   ~0013063

I can confirm this issue: the wrong line number is now 313 with Mantis 1.0.3.

martijnm

2007-01-11 09:12

reporter   ~0013910

Unfortunately the fix above solves the file-upload problem, but creates new problems regarding strings with "abnormal" characters. "Für Elise" will become "F\374r Elise". pg_escape_bytea() seems not to be the appropriate function for normal strings...

simtel

2008-03-14 16:49

reporter   ~0017355

The bug is still there in 1.1.1

I've fixed it on my setup by changing this function in core/database_api.php:

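# Prepare binary data (e.g. file contents) for use in a query,
# using the escaping rule of the configured database type.
function db_prepare_binary_string( $p_string ) {
    $t_db_type = config_get( 'db_type' );

    switch( $t_db_type ) {
        case 'mssql':
        case 'odbc_mssql':
        case 'ado_mssql':
            # MSSQL: send the data as a 0x... hex literal
            $content = unpack("H*hex", $p_string);
            return '0x' . $content['hex'];
            break;

        case 'postgres':
        case 'postgres64':
        case 'postgres7':
        case 'pgsql':
            # PostgreSQL: bytea escaping, for binary data only
            return '\'' . pg_escape_bytea( $p_string ) . '\'';

        default:
            # other databases: regular string escaping
            return '\'' . db_prepare_string( $p_string ) . '\'';
            break;
    }
}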

and calling it from core/bug_api.php at line 634, instead of db_prepare_string
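
The two failure modes reported in this thread (files corrupted by string escaping, and "Für Elise" turning into "F\374r Elise" under bytea escaping), as an added example that is not MantisBT or libpq code. It is a simplified Python model of the legacy bytea escape format (one backslash level, as the bytea input parser sees it) and of quote/backslash doubling; the function names, the sample bytes and the ISO-8859-1 encoding of the title are assumptions.

```python
# Added illustration: simplified model of the two escaping rules in this issue.
# Not MantisBT or libpq code; sample inputs below are constructed.

def string_escape(data: bytes) -> bytes:
    """Text-literal style escaping: double quotes and backslashes only."""
    return data.replace(b"\\", b"\\\\").replace(b"'", b"''")

def bytea_escape(data: bytes) -> bytes:
    """Legacy bytea 'escape' format, one backslash level (bytea parser view)."""
    out = bytearray()
    for b in data:
        if b == 0x5C:                      # backslash -> \\
            out += b"\\\\"
        elif b < 0x20 or b > 0x7E:         # non-printable -> \ooo (octal)
            out += b"\\%03o" % b
        else:                              # printable ASCII stays as it is
            out.append(b)
    return bytes(out)

def bytea_unescape(text: bytes) -> bytes:
    """Inverse of bytea_escape: recover the original bytes."""
    out, i = bytearray(), 0
    while i < len(text):
        if text[i] != 0x5C:
            out.append(text[i]); i += 1
        elif text[i + 1:i + 2] == b"\\":
            out.append(0x5C); i += 2
        else:                              # backslash + three octal digits
            out.append(int(text[i + 1:i + 4], 8)); i += 4
    return bytes(out)

def raw_unsafe_bytes(data: bytes) -> list:
    """Non-printable and high byte values that string_escape passes through
    unchanged, so they reach the SQL text literal raw."""
    return sorted({b for b in string_escape(data) if b < 0x20 or b > 0x7E})

FILE_HEAD = b"\x89PNG\r\n\x1a\n\x00\x00"     # constructed upload bytes
TITLE = "Für Elise".encode("iso-8859-1")      # assumed client encoding

if __name__ == "__main__":
    print(raw_unsafe_bytes(FILE_HEAD))        # bytes left raw by string escaping
    print(bytea_escape(FILE_HEAD).decode())   # pure ASCII form of the file bytes
    print(bytea_escape(TITLE).decode())       # what a text column then stores
```

The model shows why each function fits only one kind of column: bytea escaping round-trips arbitrary bytes, while applied to a text value its octal escapes are stored literally.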

grangeway

2008-08-01 13:22

reporter   ~0018985

Hello

Thank you for taking the time to report a problem with mantis.

A Possible Fix for this issue has been committed to SVN, for inclusion in the 1.2.0a2 release due within the next few weeks.

If you are able to reproduce this bug in the 1.2.0a2 release, or SVN trunk code, Please change the status back to "Open", or open a new issue report with more information.

Again, thank you for your continued support and report.

grangeway

2014-05-16 15:02

reporter   ~0040551

MantisBT currently supports Mysql and has support for other database engines.

The support for other databases is known to be problematic.

Having implemented the current database layer into Mantis 10 years ago, I'm currently working on replacing the current layer.

If you are interested in using Mantis with non-mysql databases - for example, Oracle, PGSQL or MSSQL, and would be willing to help out testing the new database layer, please drop me an email at paul@mantisforge.org

In the meantime, I'd advise running Mantis with Mysql Only to avoid issues.

Thanks
Paul