Marcin Matyaszczyk <m.matyaszc...@ogicom.pl> writes:
> we have a problem with Postgresql DLR storage, when we try to send sms
> with source field containing ' character we've got an error:
>
> 2015-04-02 10:18:51 CEST STATEMENT: INSERT INTO "dlr" ("smsc", "ts",
> "source", "destination", "service", "url", "mask", "boxc", "status")
> VALUES ('smppxxxx3', '88888888', 'Victoria's', '+48888888888', 'xxxxxx',
> 'http://xxxx.domain.pl/dlr2.php?id=110725920&source=XXXXXXX&t=%t&i=%i&d=%d&D=%D&A=%A&F=%F',
> '31', '', '0');
I think it is a bug. There have been similar bugs in other DLR storage
backends too:
* dlr_mem.c: OK.
* dlr_mysql.c: already fixed https://redmine.kannel.org/issues/258
"No call to mysql_escape in dlr_mysql".
* dlr_mssql.c: still open https://redmine.kannel.org/issues/727
"dlr_mssql.c doesn't escape apostrophes in strings".
* dlr_oracle.c: OK.
* dlr_pgsql.c: the source looks buggy, and you were hit by the bug,
but AFAIK the bug has not been filed in redmine.kannel.org.
* dlr_redis.c: apostrophes look OK, but I'm not sure about other
characters.
* dlr_sdb.c: the source looks buggy, but AFAIK the bug has not been
filed in redmine.kannel.org.
* dlr_spool.c: apostrophes look OK, but I'm not sure about other
characters.
* dlr_sqlite3.c: apostrophes look OK, but I'm not sure the
"AND %S LIKE '%?4'" construct will treat ?4 as a parameter
placeholder.
