Fossil SCM

TH1 variables that derive from TICKET table columns that begin with "tkt_" are untainted.

drh 2025-04-21 12:23 trunk
Commit 9e035ee3b3a2e47384f19206da3c26f6d64a7259650406744abc65d7553356bb
1 file changed +2 -1
+2 -1
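--- a/src/tkt.c
+++ b/src/tkt.c
@@ -210,11 +210,12 @@
 zVal = zRevealed = db_reveal(zVal);
 }
 if( (j = fieldId(zName))>=0 ){
 aField[j].zValue = mprintf("%s", zVal);
 }else if( memcmp(zName, "tkt_", 4)==0 && Th_Fetch(zName, &size)==0 ){
-Th_StoreUnsafe(zName, zVal);
+/* TICKET table columns that begin with "tkt_" are always safe */
+Th_Store(zName, zVal);
 }
 free(zRevealed);
 }
 Th_Store("tkt_mage", human_readable_age(db_column_double(&q, 2)));
 Th_Store("tkt_cage", human_readable_age(db_column_double(&q, 3)));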
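Review bot: The new comment above `Th_Store(zName, zVal)` asserts that `tkt_` columns are "always safe" but does not state the invariant that makes this true. Storing the value untainted means TH1 will no longer treat it as untrusted, so the change is only sound if `tkt_`-prefixed TICKET columns can never hold text supplied through a ticket submission. Nothing visible in the hunk enforces that, and a customized TICKET schema could presumably add such a column. If the invariant does hold, state it in the comment, for example `/* tkt_* columns are written only by Fossil itself, never from ticket form input, so their values need no taint */`; otherwise restrict the untainted store to the known built-in column names. The enclosing loop and function begin outside the hunk, so how `zVal` is populated cannot be confirmed from here.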
--- src/tkt.c
+++ src/tkt.c
@@ -210,11 +210,12 @@
210 zVal = zRevealed = db_reveal(zVal);
211 }
212 if( (j = fieldId(zName))>=0 ){
213 aField[j].zValue = mprintf("%s", zVal);
214 }else if( memcmp(zName, "tkt_", 4)==0 && Th_Fetch(zName, &size)==0 ){
215 Th_StoreUnsafe(zName, zVal);
 
216 }
217 free(zRevealed);
218 }
219 Th_Store("tkt_mage", human_readable_age(db_column_double(&q, 2)));
220 Th_Store("tkt_cage", human_readable_age(db_column_double(&q, 3)));
221
--- src/tkt.c
+++ src/tkt.c
@@ -210,11 +210,12 @@
210 zVal = zRevealed = db_reveal(zVal);
211 }
212 if( (j = fieldId(zName))>=0 ){
213 aField[j].zValue = mprintf("%s", zVal);
214 }else if( memcmp(zName, "tkt_", 4)==0 && Th_Fetch(zName, &size)==0 ){
215 /* TICKET table columns that begin with "tkt_" are always safe */
216 Th_Store(zName, zVal);
217 }
218 free(zRevealed);
219 }
220 Th_Store("tkt_mage", human_readable_age(db_column_double(&q, 2)));
221 Th_Store("tkt_cage", human_readable_age(db_column_double(&q, 3)));
222
