288709 - syncLDAP.pl cannot handle a regular name with " ' "

Status: RESOLVED WORKSFORME

(Bugzilla :: Administration, task)

Description

[eloft110]

User-Agent:       Mozilla/5.0 (X11; U; IRIX64 IP35; en-US; rv:1.8b2) Gecko/R-A-C Firefox/1.0+
Build Identifier: 

The script syncLDAP.pl cannot handle a name like N'Diaye, Prud'homme anything
with a " ' " in the name. The "SendSQL" command should probably use the same
type of "SqlQuote" as in edituser.cgi. Since I'm not a perl programmer I can't
provide a patch.



Reproducible: Always

Comment 1

[GavinS]

Attachment: Updated syncLDAP with added quoting

I've added the SQLQuote() calls, but I haven't got any LDAP server setup to
test with. Reporter, do you have a test install you could use to test this?

Comment 2

[GavinS]

CC'ing original author of contributed script, in case Andreas wanted to
comment/check on the changes to the syncLDAP.pl script 

Comment 3

[Max Kanat-Alexander]

Comment on attachment 179396 [details]
Updated syncLDAP with added quoting

Don't use SqlQuote, use $dbh->quote or use placeholders.

Comment 4

[eloft110]

(In reply to comment #1)
> Created an attachment (id=179396) [edit]
> Updated syncLDAP with added quoting
> 
> I've added the SQLQuote() calls, but I haven't got any LDAP server setup to
> test with. Reporter, do you have a test install you could use to test this?

I have tested it, I had to change SQLQuote to SqlQuote (note capital letters).
With this change, the script worked. Thank you.

Comment 5

[Max Kanat-Alexander]

It still needs to be actually fixed in CVS.

Comment 6

[GavinS]

(In reply to comment #3)
> (From update of attachment 179396 [details] [edit])
> Don't use SqlQuote, use $dbh->quote or use placeholders.

Yes, I've started updating the script to use DBI.

Comment 7

[Max Kanat-Alexander]

It looks like this script uses entirely DBI calls nowadays, since we eliminated all of the deprecated DB functions. So WORKSFORME.