r2325 - in /unstable/evolution-data-server/debian: changelog patches/03_EBookBackendSqliteDB_Escape_SQL_strings.patch patches/series
bigon at users.alioth.debian.org
bigon at users.alioth.debian.org
Thu Feb 7 15:35:25 UTC 2013
Author: bigon
Date: Thu Feb 7 15:35:25 2013
New Revision: 2325
URL: http://svn.debian.org/wsvn/pkg-evolution/?sc=1&rev=2325
Log:
d/p/03_EBookBackendSqliteDB_Escape_SQL_strings.patch: Properly escape
strings in convert_match_exp() (Closes: #699925)
Added:
unstable/evolution-data-server/debian/patches/03_EBookBackendSqliteDB_Escape_SQL_strings.patch
Modified:
unstable/evolution-data-server/debian/changelog
unstable/evolution-data-server/debian/patches/series
Modified: unstable/evolution-data-server/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-evolution/unstable/evolution-data-server/debian/changelog?rev=2325&op=diff
==============================================================================
--- unstable/evolution-data-server/debian/changelog (original)
+++ unstable/evolution-data-server/debian/changelog Thu Feb 7 15:35:25 2013
@@ -6,6 +6,8 @@
check email value in e_destination_set_contact() to avoid crash in some
conditions (Closes: #687951)
* debian/control: Add myself as an Uploaders
+ * d/p/03_EBookBackendSqliteDB_Escape_SQL_strings.patch: Properly escape
+ strings in convert_match_exp() (Closes: #699925)
-- Laurent Bigonville <bigon at debian.org> Thu, 31 Jan 2013 10:51:58 +0100
Added: unstable/evolution-data-server/debian/patches/03_EBookBackendSqliteDB_Escape_SQL_strings.patch
URL: http://svn.debian.org/wsvn/pkg-evolution/unstable/evolution-data-server/debian/patches/03_EBookBackendSqliteDB_Escape_SQL_strings.patch?rev=2325&op=file
==============================================================================
--- unstable/evolution-data-server/debian/patches/03_EBookBackendSqliteDB_Escape_SQL_strings.patch (added)
+++ unstable/evolution-data-server/debian/patches/03_EBookBackendSqliteDB_Escape_SQL_strings.patch Thu Feb 7 15:35:25 2013
@@ -1,0 +1,99 @@
+From 5cff7e6a8ad794c0831f2012652a0fd2c1f8842e Mon Sep 17 00:00:00 2001
+From: Mathias Hasselmann <mathias at openismus.com>
+Date: Wed, 12 Sep 2012 13:24:11 +0000
+Subject: Bug #677871 - EBookBackendSqliteDB - Escape SQL strings
+
+---
+diff --git a/addressbook/libedata-book/e-book-backend-sqlitedb.c b/addressbook/libedata-book/e-book-backend-sqlitedb.c
+index be37497..a1c67ea 100644
+--- a/addressbook/libedata-book/e-book-backend-sqlitedb.c
++++ b/addressbook/libedata-book/e-book-backend-sqlitedb.c
+@@ -1269,6 +1269,67 @@ typedef enum {
+ MATCH_ENDS_WITH
+ } match_type;
+
++static gchar *
++convert_string_value (const gchar *value,
++ match_type match)
++{
++ GString *str;
++ size_t len;
++ gchar c;
++ gboolean escape_modifier_needed = FALSE;
++ const gchar *escape_modifier = " ESCAPE '^'";
++
++ g_return_val_if_fail (value != NULL, NULL);
++
++ /* Just assume each character must be escaped. The result of this function
++ * is discarded shortly after calling this function. Therefore it's
++ * acceptable to possibly allocate twice the memory needed.
++ */
++ len = strlen (value);
++ str = g_string_sized_new (2 * len + 4 + strlen (escape_modifier) - 1);
++ g_string_append_c (str, '\'');
++
++ switch (match) {
++ case MATCH_CONTAINS:
++ case MATCH_ENDS_WITH:
++ g_string_append_c (str, '%');
++ break;
++
++ case MATCH_BEGINS_WITH:
++ case MATCH_IS:
++ break;
++ }
++
++ while ((c = *value++)) {
++ if (c == '\'') {
++ g_string_append_c (str, '\'');
++ } else if (c == '%' || c == '^') {
++ g_string_append_c (str, '^');
++ escape_modifier_needed = TRUE;
++ }
++
++ g_string_append_c (str, c);
++ }
++
++ switch (match) {
++ case MATCH_CONTAINS:
++ case MATCH_BEGINS_WITH:
++ g_string_append_c (str, '%');
++ break;
++
++ case MATCH_ENDS_WITH:
++ case MATCH_IS:
++ break;
++ }
++
++ g_string_append_c (str, '\'');
++
++ if (escape_modifier_needed)
++ g_string_append (str, escape_modifier);
++
++ return g_string_free (str, FALSE);
++}
++
+ static ESExpResult *
+ convert_match_exp (struct _ESExp *f,
+ gint argc,
+@@ -1287,17 +1348,7 @@ convert_match_exp (struct _ESExp *f,
+ field = argv[0]->value.string;
+
+ if (argv[1]->type == ESEXP_RES_STRING && argv[1]->value.string[0] != 0) {
+- gchar *value = NULL;
+-
+- if (match == MATCH_CONTAINS) {
+- value = g_strdup_printf ("'%%%s%%'", argv[1]->value.string);
+- } else if (match == MATCH_ENDS_WITH) {
+- value = g_strdup_printf ("'%%%s'", argv[1]->value.string);
+- } else if (match == MATCH_BEGINS_WITH) {
+- value = g_strdup_printf ("'%s%%'", argv[1]->value.string);
+- } else if (match == MATCH_IS) {
+- value = g_strdup_printf ("'%%%s%%'", argv[1]->value.string);
+- }
++ gchar *value = convert_string_value (argv[1]->value.string, match);
+
+ if (!strcmp (field, "full_name")) {
+ gchar *full, *sur, *given, *nick;
+--
+cgit v0.9.0.2
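Review bot: The escaping loop in the new convert_string_value() prefixes `%` and `^` with the escape character but leaves `_` untouched, and SQLite's LIKE treats `_` as a single-character wildcard, so a search term containing an underscore still matches more than its literal text. The condition could become `} else if (c == '%' || c == '_' || c == '^') {`, which keeps the existing `ESCAPE '^'` handling. This is over-matching rather than injection, since the quote doubling already stops a value from closing the string literal. Separately, the removed code wrapped MATCH_IS in `%…%` while the new switches add no wildcard for it, a behaviour change the commit subject does not mention and which deserves a one-line comment on the `case MATCH_IS:` branches. convert_match_exp() continues outside the hunk, so whether every use of `value` sits directly after a LIKE operator (where the appended ESCAPE clause is valid) cannot be confirmed from here.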
Modified: unstable/evolution-data-server/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-evolution/unstable/evolution-data-server/debian/patches/series?rev=2325&op=diff
==============================================================================
--- unstable/evolution-data-server/debian/patches/series (original)
+++ unstable/evolution-data-server/debian/patches/series Thu Feb 7 15:35:25 2013
@@ -1,3 +1,4 @@
01_Save_also_UID_REV_in_WebDAV_backend.patch
02-Check_email_value_in_e_destination_set_contact.patch
+03_EBookBackendSqliteDB_Escape_SQL_strings.patch
20_gettext_intltool.patch