projects / evergreen / equinox.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 098477e) | patch
LP#1098377: sanitize savepoint names
authorGalen Charlton <gmc@esilibrary.com>
Fri, 11 Jan 2013 07:30:50 +0000 (02:30 -0500)
committerBill Erickson <berick@esilibrary.com>
Wed, 16 Jan 2013 20:01:47 +0000 (15:01 -0500)
commit955468b71d3cee9c97b27a8ddc90c1a2151aaac8
treeeaa151f019642194dd7d975a19352db0446c2aabtree
parent098477e17693160743382d069adfc5bda73bf549commit | diff
LP#1098377: sanitize savepoint names

When invoking open-ils.{cstore,pcrud,rstore}.savepoint.*, the
caller supplies a name for the savepoint.  However, the savepoint
names could be constructed so that the caller could execute
arbitrary SQL.  This patch sanitizes the name so that it contains
only alphanumeric and underscore characters.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Dan Scott <dscott@laurentian.ca>
Open-ILS/src/c-apps/oils_sql.c diff | blob | history
Evergreen working repo (Equinox)