LP#1098377: sanitize savepoint names lp1098377_2.0
author Galen Charlton <gmc@esilibrary.com>
Fri, 11 Jan 2013 07:30:50 +0000 (02:30 -0500)
committer Bill Erickson <berick@esilibrary.com>
Fri, 15 Feb 2013 15:22:36 +0000 (10:22 -0500)
commit 960e8d4b062c7e71d155f1f96c8f613a3ee3e2c1
tree d60c3b08679d96a4b71fd5cc45d971aa3a6ba1bf
parent 54da44be00e44954136a03de96e838b37f4809ba
LP#1098377: sanitize savepoint names

When invoking open-ils.{cstore,pcrud,rstore}.savepoint.*, the
caller supplies a name for the savepoint.  However, the savepoint
names could be constructed so that the caller could execute
arbitrary SQL.  This patch sanitizes the name so that it contains
only alphanumeric and underscore characters.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Dan Scott <dscott@laurentian.ca>
Open-ILS/src/c-apps/oils_sql.c