Thanks for the timely change and the willingness to improve.

On Sep 24, 2008, at 3:11 PM, Johan Solve wrote:

> It just occurred to me that encode_sql doesn't protect MySQL object
> names properly, so an SQL injection could be possible by abusing `
> in field names.
>
> I have released the first security update in Knop's history to the
> SVN repository. The regular file downloads have not been updated yet
> but you can browse the SVN trunk with a web browser and download it
> that way even without an SVN client.
>
> http://code.google.com/p/knop/source/browse/#svn/trunk
>
> knop_grid and knop_form are affected by the update.
>
>
> --
> Johan Sölve [FSA Member, Lasso Partner]
> Web Application/Lasso/FileMaker Developer
> MONTANIA SOFTWARE & SOLUTIONS
> http://www.montania.se mailto:joh-n@montania.se
> (spam-safe email address, replace '-' with 'a')
>
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <knop@lists.montania.se>.
> To unsubscribe, E-mail to: <knop-off@lists.montania.se>
> Send administrative queries to <knop-request@lists.montania.se>
> List archive http://www.nabble.com/Knop-Framework-Discussion-f29076.html
> Project homepage http://montania.se/projects/knop/
> Google Code has the latest downloads at http://code.google.com/p/knop/


#############################################################
This message is sent to you because you are subscribed to
the mailing list <knop@lists.montania.se>.
To unsubscribe, E-mail to: <knop-off@lists.montania.se>
Send administrative queries to <knop-request@lists.montania.se>
List archive http://www.nabble.com/Knop-Framework-Discussion-f29076.html
Project homepage http://montania.se/projects/knop/
Google Code has the latest downloads at http://code.google.com/p/knop/