LP#1098377: sanitize savepoint names
author Galen Charlton <gmc@esilibrary.com>
Fri, 11 Jan 2013 07:30:50 +0000 (02:30 -0500)
committer Lebbeous Fogle-Weekley <lebbeous@esilibrary.com>
Wed, 16 Jan 2013 17:23:29 +0000 (12:23 -0500)
commit df3e58f69423142418baf9583fb82d6691d55235
tree 1c8728c3a77652b49e631a266dcce936e1361373
parent 4bd4977ddd940b295da56b98ce6394010048bc01
LP#1098377: sanitize savepoint names

When invoking open-ils.{cstore,pcrud,rstore}.savepoint.*, the
caller supplies a name for the savepoint.  However, the savepoint
names could be constructed so that the caller could execute
arbitrary SQL.  This patch sanitizes the name so that it contains
only alphanumeric and underscore characters.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Dan Scott <dscott@laurentian.ca>
Open-ILS/src/c-apps/oils_sql.c
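
The allowlist approach the commit message describes, as an added example that is not the code from oils_sql.c: the function names, the quoted "SAVEPOINT" statement format, and the choice to reject a name that is empty after filtering are assumptions of this sketch, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from oils_sql.c): copy only [A-Za-z0-9_] from
 * the caller-supplied savepoint name. Returns a malloc'd string, or NULL
 * if the input is NULL or nothing survives filtering. */
static char *sanitize_savepoint_name(const char *name) {
    if (!name) return NULL;
    size_t len = strlen(name), j = 0;
    char *out = malloc(len + 1);
    if (!out) return NULL;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        /* Explicit ASCII ranges: isalnum() is locale-dependent. */
        if ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
            (c >= '0' && c <= '9') || c == '_')
            out[j++] = (char)c;
    }
    out[j] = '\0';
    if (j == 0) { free(out); return NULL; }  /* assumption: reject empty */
    return out;
}

/* Build the statement text from the sanitized name only. Returns 0 on
 * success, -1 if the name is unusable or the buffer is too small. */
static int build_savepoint_sql(const char *name, char *buf, size_t buflen) {
    char *clean = sanitize_savepoint_name(name);
    if (!clean) return -1;
    int n = snprintf(buf, buflen, "SAVEPOINT \"%s\";", clean);
    free(clean);
    return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}

int main(void) {
    /* Constructed inputs: a normal name, one with quote/semicolon/space
     * characters, and one that is empty after filtering. */
    const char *samples[] = { "sp_1", "sp 1\"; SELECT 1; --", "\";--" };
    char sql[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_savepoint_sql(samples[i], sql, sizeof sql) == 0)
            printf("%-24s -> %s\n", samples[i], sql);
        else
            printf("%-24s -> rejected\n", samples[i]);
    }
    return 0;
}
```

Because the quote and semicolon characters never reach the statement text, the name cannot close the identifier or start a second statement; the same sanitized name has to be used for the matching release and rollback calls so they refer to the same savepoint.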