HGBot is a Python program that automates our Mercurial repository management, handles Mercurial authentication, and provides user interfaces such as IRC.
Currently, there are several checks to ensure strings sent to HGBot may not include SQL injections, such as end quotes or semicolons, but this may not be enough. Add a tighter filter on any string originating from IRC which gets passed into an SQL command.
While working on this task you should join and remain in #CopyleftGames on Freenode to get help, feedback, and guidance from mentors and other developers. Code updates which may affect your work are also announced here as they happen.
When you've done, commit your work and post the resulting changeset url to this task.