[dovecot-cvs] dovecot/src/lib-sql driver-sqlite.c,1.6,1.7
cras at dovecot.org
cras at dovecot.org
Tue Jun 27 12:25:57 EEST 2006
Update of /var/lib/cvs/dovecot/src/lib-sql
In directory talvi:/tmp/cvs-serv8623
Modified Files:
driver-sqlite.c
Log Message:
Escape ' with '' instead of with \'.
Index: driver-sqlite.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib-sql/driver-sqlite.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- driver-sqlite.c 31 May 2006 11:02:50 -0000 1.6
+++ driver-sqlite.c 27 Jun 2006 09:25:55 -0000 1.7
@@ -2,7 +2,6 @@
#include "lib.h"
#include "str.h"
-#include "strescape.h"
#include "sql-api-private.h"
#ifdef BUILD_SQLITE
@@ -92,7 +91,30 @@
static char *driver_sqlite_escape_string(struct sql_db *_db __attr_unused__,
const char *string)
{
- return t_strdup_noconst(str_escape(string));
+ const char *p;
+ char *dest, *destbegin;
+
+ /* find the first ' */
+ for (p = string; *p != '\''; p++) {
+ if (*p == '\0')
+ return t_strdup_noconst(string);
+ }
+
+ /* @UNSAFE: escape ' with '' */
+ dest = destbegin = t_buffer_get((p - string) + strlen(string) * 2 + 1);
+
+ memcpy(dest, string, p - string);
+ dest += p - string;
+
+ for (; *p != '\0'; p++) {
+ *dest++ = *p;
+ if (*p == '\'')
+ *dest++ = *p;
+ }
+ *dest++ = '\0';
+ t_buffer_alloc(dest - destbegin);
+
+ return destbegin;
}
static void driver_sqlite_exec(struct sql_db *_db, const char *query)
More information about the dovecot-cvs
mailing list