Fossil SCM

Make use of %q instead of %s to avoid SQL injections.

drh 2012-08-22 20:19 trunk
Commit e766df0a69a317946270ec41a33753937532e18a
+3 -3
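--- a/src/add.c
+++ b/src/add.c
@@ -93,11 +93,11 @@
 int i;
 const char *z;
 blob_zero(&x);
 for(i=0; (z = fossil_reserved_name(i))!=0; i++){
 if( i>0 ) blob_append(&x, ",", 1);
-blob_appendf(&x, "'%s'", z);
+blob_appendf(&x, "'%q'", z);
 }
 zAll = blob_str(&x);
 }
 return zAll;
 }
@@ -507,11 +507,11 @@
 ** The original name of the file is zOrig. The new filename is zNew.
 */
 static void mv_one_file(int vid, const char *zOrig, const char *zNew){
 fossil_print("RENAME %s %s\n", zOrig, zNew);
 db_multi_exec(
-"UPDATE vfile SET pathname='%s' WHERE pathname='%s' AND vid=%d",
+"UPDATE vfile SET pathname='%q' WHERE pathname='%q' AND vid=%d",
 zNew, zOrig, vid
 );
 }
 
 /*
@@ -591,11 +591,11 @@
 zTail = file_tail(zPath);
 }else{
 zTail = &zPath[nOrig+1];
 }
 db_multi_exec(
-"INSERT INTO mv VALUES('%s','%s%s')",
+"INSERT INTO mv VALUES('%q','%q%q')",
 zPath, blob_str(&dest), zTail
 );
 }
 db_finalize(&q);
 }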
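Review bot: In mv_one_file (line 512) the quotes are still written by hand around each `%q`, so the statement stays safe only as long as every later edit keeps the `'…'` and the `%q` paired. If this tree's formatter supports `%Q` as SQLite's does (not visible here, so confirm), `"UPDATE vfile SET pathname=%Q WHERE pathname=%Q AND vid=%d"` emits the quoting itself and removes that pairing hazard. This does not carry over to `'%q%q'` at line 596 or to the reserved-name list at line 98, where the value is spliced into a larger literal and `%q` is the right form. The functions around the first and third hunks begin outside the visible lines.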
+1 -1
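--- a/src/branch.c
+++ b/src/branch.c
@@ -61,11 +61,11 @@
 fossil_panic("branch name cannot be empty");
 }
 if( db_exists(
 "SELECT 1 FROM tagxref"
 " WHERE tagtype>0"
-" AND tagid=(SELECT tagid FROM tag WHERE tagname='sym-%s')",
+" AND tagid=(SELECT tagid FROM tag WHERE tagname='sym-%q')",
 zBranch)!=0 ){
 fossil_fatal("branch \"%s\" already exists", zBranch);
 }
 
 user_select();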
+1 -1
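--- a/src/info.c
+++ b/src/info.c
@@ -230,11 +230,11 @@
 "SELECT tag.tagid, tagname, "
 " (SELECT uuid FROM blob WHERE rid=tagxref.srcid AND rid!=%d),"
 " value, datetime(tagxref.mtime,'localtime'), tagtype,"
 " (SELECT uuid FROM blob WHERE rid=tagxref.origid AND rid!=%d)"
 " FROM tagxref JOIN tag ON tagxref.tagid=tag.tagid"
-" WHERE tagxref.rid=%d AND tagname NOT GLOB '%s'"
+" WHERE tagxref.rid=%d AND tagname NOT GLOB '%q'"
 " ORDER BY tagname /*sort*/", rid, rid, rid, zNotGlob
 );
 while( db_step(&q)==SQLITE_ROW ){
 const char *zTagname = db_column_text(&q, 1);
 const char *zSrcUuid = db_column_text(&q, 2);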
+1 -1
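--- a/src/tkt.c
+++ b/src/tkt.c
@@ -466,11 +466,11 @@
 }
 }
 }
 if( *(char**)pUuid ){
 zUuid = db_text(0,
-"SELECT tkt_uuid FROM ticket WHERE tkt_uuid GLOB '%s*'", P("name")
+"SELECT tkt_uuid FROM ticket WHERE tkt_uuid GLOB '%q*'", P("name")
 );
 }else{
 zUuid = db_text(0, "SELECT lower(hex(randomblob(20)))");
 }
 *(const char**)pUuid = zUuid;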
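Review bot: The `%q` on line 471 doubles single quotes but leaves GLOB metacharacters (`*`, `?`, `[`) in `P("name")` active, so the request parameter still shapes the pattern even though it can no longer close the string literal. Because the value is meant to be a ticket-UUID prefix, it should be checked to contain only hex digits before the query runs, with a comment at the call such as `/* name must be a hex prefix: %q escapes quotes, not GLOB wildcards */`. db_text presumably returns a single value, in which case an over-broad pattern would silently select one arbitrary ticket; confirm against its definition. How `P("name")` behaves when the parameter is absent is also not visible here. The enclosing function starts and ends outside the hunk.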
