Quote in category name breaks migrations


(Michael - DiscourseHosting.com) #1

This migration breaks whenever the meta category name or description contains a single quote. It’s probably a (low risk) SQL injection vector as well.

EDIT: to make it worse, the default French meta category description does actually contain a single quote by default.


Docker bootstrap fails due to single quotes escaping in SQL INSERT commands
(Sam Saffron) #2

Fixed:

https://github.com/discourse/discourse/commit/2bace90054bba0b06a24cdace58300515e34b483
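
The failure mode reported in this thread, as an added example that is not part of the thread or of the linked Discourse commit: an INSERT built by string interpolation next to the same statement with its values quoted. The `categories` table and its columns, the helper names and the sample French description are assumptions constructed for illustration, and `quote_literal` is a stand-in for the database adapter's own quoting.

```ruby
# Added example, not Discourse code; table and column names are hypothetical.

# Stand-in for the adapter's quoting routine: standard SQL escapes a quote
# inside a string literal by doubling it.
def quote_literal(value)
  "'" + value.gsub("'", "''") + "'"
end

# Before: values interpolated straight into the statement text.
def insert_interpolated(name, desc)
  "INSERT INTO categories (name, description) VALUES ('#{name}', '#{desc}')"
end

# After: every value passes through quote_literal first.
def insert_quoted(name, desc)
  "INSERT INTO categories (name, description) " \
    "VALUES (#{quote_literal(name)}, #{quote_literal(desc)})"
end

# Returns the string literals a SQL parser would read from the statement,
# or raises when a literal is never closed (a syntax error on the server).
def string_literals(sql)
  literals = []
  i = 0
  while i < sql.length
    if sql[i] != "'"
      i += 1
      next
    end
    i += 1
    current = +""
    loop do
      raise ArgumentError, "unterminated string literal" if i >= sql.length
      if sql[i] == "'" && sql[i + 1] == "'" # doubled quote = literal apostrophe
        current << "'"
        i += 2
      elsif sql[i] == "'"                   # closing quote
        i += 1
        break
      else
        current << sql[i]
        i += 1
      end
    end
    literals << current
  end
  literals
end
FRENCH_DESC = "Discussion à propos de l'organisation du site" # constructed sample
```

With `FRENCH_DESC`, the interpolated statement leaves a literal unterminated, while the quoted one yields exactly the two values passed in. In a Rails migration the same job is done by bind parameters or `ActiveRecord::Base.connection.quote` rather than a hand-written helper.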


(Sam Saffron) #3