LP#1098377: sanitize savepoint names
author Galen Charlton <gmc@esilibrary.com>
Fri, 11 Jan 2013 07:30:50 +0000 (02:30 -0500)
committer Dan Scott <dscott@laurentian.ca>
Thu, 17 Jan 2013 04:51:20 +0000 (23:51 -0500)
commit 3d7554d633bd2f07080feee7eb1255ac5714b3ba
tree 7457da3ad4769f25dbb14b463f12611b1cd1c8e0
parent 118fcc02c245e2f2c5dcce7d952d6329b9d3a850
LP#1098377: sanitize savepoint names

When invoking open-ils.{cstore,pcrud,rstore}.savepoint.*, the
caller supplies a name for the savepoint.  However, the savepoint
names could be constructed so that the caller could execute
arbitrary SQL.  This patch sanitizes the name so that it contains
only alphanumeric and underscore characters.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Dan Scott <dscott@laurentian.ca>
Open-ILS/src/c-apps/oils_sql.c