[dovecot-cvs] dovecot/src/auth db-pgsql.c, 1.5, 1.6 db-pgsql.h, 1.2, 1.3 passdb-pgsql.c, 1.2, 1.3 userdb-pgsql.c, 1.4, 1.5

cras at procontrol.fi cras at procontrol.fi
Tue Apr 27 00:20:17 EEST 2004 

Update of /home/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv14192

Modified Files:
	db-pgsql.c db-pgsql.h passdb-pgsql.c userdb-pgsql.c 
Log Message:
Use PQescapeString() instead of str_escape()



Index: db-pgsql.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/db-pgsql.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- db-pgsql.c	10 Jul 2003 03:04:07 -0000	1.5
+++ db-pgsql.c	26 Apr 2004 21:20:15 -0000	1.6
@@ -35,6 +35,17 @@
 static int pgsql_conn_open(struct pgsql_connection *conn);
 static void pgsql_conn_close(struct pgsql_connection *conn);
 
+const char *db_pgsql_escape(const char *str)
+{
+	char *esc_str;
+	size_t len = strlen(str);
+
+	/* @UNSAFE */
+	esc_str = t_malloc(len*2+1);
+	PQescapeString(esc_str, str, len);
+	return esc_str;
+}
+
 void db_pgsql_query(struct pgsql_connection *conn, const char *query,
 		    struct pgsql_request *request)
 {

Index: db-pgsql.h
===================================================================
RCS file: /home/cvs/dovecot/src/auth/db-pgsql.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- db-pgsql.h	2 Apr 2003 02:09:41 -0000	1.2
+++ db-pgsql.h	26 Apr 2004 21:20:15 -0000	1.3
@@ -37,6 +37,8 @@
 	void *context;
 };
 
+const char *db_pgsql_escape(const char *str);
+
 void db_pgsql_query(struct pgsql_connection *conn, const char *query,
 		    struct pgsql_request *request);
 

Index: passdb-pgsql.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/passdb-pgsql.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- passdb-pgsql.c	2 Apr 2003 02:09:41 -0000	1.2
+++ passdb-pgsql.c	26 Apr 2004 21:20:15 -0000	1.3
@@ -105,7 +105,7 @@
 
 	str = t_str_new(512);
 	var_expand(str, conn->set.password_query,
-		   str_escape(auth_request->user), NULL);
+		   db_pgsql_escape(auth_request->user), NULL);
 	query = str_c(str);
 
 	pgsql_request->callback = pgsql_handle_request;

Index: userdb-pgsql.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userdb-pgsql.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- userdb-pgsql.c	8 May 2003 04:28:30 -0000	1.4
+++ userdb-pgsql.c	26 Apr 2004 21:20:15 -0000	1.5
@@ -93,7 +93,7 @@
 	string_t *str;
 
 	str = t_str_new(512);
-	var_expand(str, conn->set.user_query, str_escape(user), NULL);
+	var_expand(str, conn->set.user_query, db_pgsql_escape(user), NULL);
 	query = str_c(str);
 
 	request = i_malloc(sizeof(struct userdb_pgsql_request) + strlen(user));

More information about the dovecot-cvs mailing list