[JDEV] postgresql and vcard - change in sql interpretation

Bernino Lind lind at hlgroup.dk
Wed Mar 26 07:06:40 CST 2003 

Dear sirs,

Hope you enjoy your day!

My system:
FreeBSD subsilo.subsilo.dk 5.0-RELEASE FreeBSD 5.0-RELEASE #0: Thu Jan 16
22:16:53 GMT 2003    
root at hollin.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC  i386

postgresql-7.3.2_1
jabber-1.4.2
xdb_sql from latest CVS (the one that just got patched...)

Problem:
Missing server validation of birthdate and possible other paramaters sent
from client.

Example:
Using Psi I want to create a vcard for my acount.
Not putting anything in Brthday field generates the following error on the
server:

20030326T15:03:15: [alert] (xdb_sql_pgsql.c:209): error: r=8123e80 [ERROR:
 Bad date external representation ''
]

20030326T15:03:15: [alert] (-internal): [xdbsql_vcard_set] query failed :
ERROR:  Bad date external representation ''

Ie. in xdb_sql_pgsql.c there should be a clear distinction that when a
client sends '' or ' ' or '    '  or '123123' etc. really what is meant is
NULL in the SQL insert statement.

On a more abstract level this is not a problem confined to xdb_sql because
obviously we want birthdate to be a valid date which can be used for
whatever purpose later on?

Hence: does jabber have a validation mechanism for the data that users try
to upload in their vcard?

If so, can this be used by xdb_sql to generate correct SQL?

Im new to jabber and therefor I do not know which is the right list for
this question and also therefor: Any takers?

best regards, Bernino Lind



My XML was:
<iq type="set" id="aabfa" >
<vCard prodid="-//HandGen//NONSGML vGen v1.0//EN" xmlns="vcard-temp"
version="2.0" >
<FN>Bernino</FN>
<ORG/>
<ADR>
<HOME/>
</ADR>
</vCard>
</iq>

<iq from="zorro at 192.168.0.166/Psi" type="result"
to="zorro at 192.168.0.166/Psi" id="aabfa" />

<iq type="get" id="aac0a" to="zorro at 192.168.0.166" >
<vCard prodid="-//HandGen//NONSGML vGen v1.0//EN" xmlns="vcard-temp"
version="2.0" />
</iq>

<iq from="zorro at 192.168.0.166/Psi" type="result" to="zorro at 192.168.0.166"
id="aac0a" >
<vcard prodid="-//HandGen//NONSGML vGen v1.0//EN" xmlns="vcard-temp"
version="2.0" >
<vcard/>
</vcard>
</iq>

More information about the JDev mailing list