Quote in category name breaks migrations

(Michael - DiscourseHosting.com) #1

This migration breaks whenever the meta category name or description contains a single quote. It’s probably a (low risk) SQL injection vector as well.

EDIT: to make it worse, the default French meta category description does actually contain a single quote by default.

Docker boostrap fails due to single quotes escaping in SQL INSERT commands
(Sam Saffron) #2



(Sam Saffron) #3