[dovecot-cvs] dovecot/src/lib-sql driver-sqlite.c,1.6,1.7

cras at dovecot.org cras at dovecot.org
Tue Jun 27 12:25:57 EEST 2006


Update of /var/lib/cvs/dovecot/src/lib-sql
In directory talvi:/tmp/cvs-serv8623

Modified Files:
	driver-sqlite.c 
Log Message:
Escape ' with '' instead of with \'.



Index: driver-sqlite.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib-sql/driver-sqlite.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- driver-sqlite.c	31 May 2006 11:02:50 -0000	1.6
+++ driver-sqlite.c	27 Jun 2006 09:25:55 -0000	1.7
@@ -2,7 +2,6 @@
 
 #include "lib.h"
 #include "str.h"
-#include "strescape.h"
 #include "sql-api-private.h"
 
 #ifdef BUILD_SQLITE
@@ -92,7 +91,30 @@
 static char *driver_sqlite_escape_string(struct sql_db *_db __attr_unused__,
 					 const char *string)
 {
-	return t_strdup_noconst(str_escape(string));
+	const char *p;
+	char *dest, *destbegin;
+
+	/* find the first ' */
+	for (p = string; *p != '\''; p++) {
+		if (*p == '\0')
+			return t_strdup_noconst(string);
+	}
+
+	/* @UNSAFE: escape ' with '' */
+	dest = destbegin = t_buffer_get((p - string) + strlen(string) * 2 + 1);
+
+	memcpy(dest, string, p - string);
+	dest += p - string;
+
+	for (; *p != '\0'; p++) {
+		*dest++ = *p;
+		if (*p == '\'')
+			*dest++ = *p;
+	}
+	*dest++ = '\0';
+	t_buffer_alloc(dest - destbegin);
+
+	return destbegin;
 }
 
 static void driver_sqlite_exec(struct sql_db *_db, const char *query)
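Review bot: The size passed to `t_buffer_get()` under the `@UNSAFE` marker is a correct upper bound, but nothing in the code says why, and it is larger than needed: the first `p - string` bytes are copied verbatim by `memcpy`, so only the tail starting at `p` can double. I would size it from the tail, `dest = destbegin = t_buffer_get((p - string) + strlen(p) * 2 + 1);`, and extend the comment to `/* @UNSAFE: escape ' with ''; worst case every byte from p onward is a quote and doubles, plus the NUL */` so the bound can be checked against the copy loop at a glance. It would also help to document on the function that doubling quotes only protects a value the caller places inside a single-quoted SQL literal; the callers are not visible in this hunk, so that is worth confirming.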


