projects / contrib / Conifer.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f8cf6f8) | patch
LP#1098377: sanitize savepoint names
authorGalen Charlton <gmc@esilibrary.com>
Fri, 11 Jan 2013 07:30:50 +0000 (02:30 -0500)
committerDan Scott <dscott@laurentian.ca>
Thu, 17 Jan 2013 04:53:08 +0000 (23:53 -0500)
commit9434f42c88f5cf99b3ca9980bd5a98b2bccf6a1b
treec6a06376239a0792b8fce72f1a6b332011d55deatree
parentf8cf6f8e83903dc76ddba4985f8ed428a4242721commit | diff
LP#1098377: sanitize savepoint names

When invoking open-ils.{cstore,pcrud,rstore}.savepoint.*, the
caller supplies a name for the savepoint.  However, the savepoint
names could be constructed so that the caller could execute
arbitrary SQL.  This patch sanitizes the name so that it contains
only alphanumeric and underscore characters.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Dan Scott <dscott@laurentian.ca>
Open-ILS/src/c-apps/oils_sql.c diff | blob | history
Evergreen contribs