projects / evergreen / equinox.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 098477e) | patch
LP#1098377: sanitize savepoint names
authorGalen Charlton <gmc@esilibrary.com>
Fri, 11 Jan 2013 07:30:50 +0000 (02:30 -0500)
committerBill Erickson <berick@esilibrary.com>
Wed, 16 Jan 2013 17:02:53 +0000 (12:02 -0500)
commit1215411812407ee8d74473a04154cd09ca90c18a
treeeaa151f019642194dd7d975a19352db0446c2aabtree
parent098477e17693160743382d069adfc5bda73bf549commit | diff
LP#1098377: sanitize savepoint names

When invoking open-ils.{cstore,pcrud,rstore}.savepoint.*, the
caller supplies a name for the savepoint.  However, the savepoint
names could be constructed so that the caller could execute
arbitrary SQL.  This patch sanitizes the name so that it contains
only alphanumeric and underscore characters.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Dan Scott <dscott@laurentian.ca>
Open-ILS/src/c-apps/oils_sql.c diff | blob | history
Evergreen working repo (Equinox)