r2325 - in /unstable/evolution-data-server/debian: changelog patches/03_EBookBackendSqliteDB_Escape_SQL_strings.patch patches/series

bigon at users.alioth.debian.org bigon at users.alioth.debian.org
Thu Feb 7 15:35:25 UTC 2013


Author: bigon
Date: Thu Feb  7 15:35:25 2013
New Revision: 2325

URL: http://svn.debian.org/wsvn/pkg-evolution/?sc=1&rev=2325
Log:
d/p/03_EBookBackendSqliteDB_Escape_SQL_strings.patch: Properly escape
strings in convert_match_exp() (Closes: #699925)

Added:
    unstable/evolution-data-server/debian/patches/03_EBookBackendSqliteDB_Escape_SQL_strings.patch
Modified:
    unstable/evolution-data-server/debian/changelog
    unstable/evolution-data-server/debian/patches/series

Modified: unstable/evolution-data-server/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-evolution/unstable/evolution-data-server/debian/changelog?rev=2325&op=diff
==============================================================================
--- unstable/evolution-data-server/debian/changelog (original)
+++ unstable/evolution-data-server/debian/changelog Thu Feb  7 15:35:25 2013
@@ -6,6 +6,8 @@
     check email value in e_destination_set_contact() to avoid crash in some
     conditions (Closes: #687951)
   * debian/control: Add myself as an Uploaders
+  * d/p/03_EBookBackendSqliteDB_Escape_SQL_strings.patch: Properly escape
+    strings in convert_match_exp() (Closes: #699925)
 
  -- Laurent Bigonville <bigon at debian.org>  Thu, 31 Jan 2013 10:51:58 +0100
 

Added: unstable/evolution-data-server/debian/patches/03_EBookBackendSqliteDB_Escape_SQL_strings.patch
URL: http://svn.debian.org/wsvn/pkg-evolution/unstable/evolution-data-server/debian/patches/03_EBookBackendSqliteDB_Escape_SQL_strings.patch?rev=2325&op=file
==============================================================================
--- unstable/evolution-data-server/debian/patches/03_EBookBackendSqliteDB_Escape_SQL_strings.patch (added)
+++ unstable/evolution-data-server/debian/patches/03_EBookBackendSqliteDB_Escape_SQL_strings.patch Thu Feb  7 15:35:25 2013
@@ -1,0 +1,99 @@
+From 5cff7e6a8ad794c0831f2012652a0fd2c1f8842e Mon Sep 17 00:00:00 2001
+From: Mathias Hasselmann <mathias at openismus.com>
+Date: Wed, 12 Sep 2012 13:24:11 +0000
+Subject: Bug #677871 - EBookBackendSqliteDB - Escape SQL strings
+
+---
+diff --git a/addressbook/libedata-book/e-book-backend-sqlitedb.c b/addressbook/libedata-book/e-book-backend-sqlitedb.c
+index be37497..a1c67ea 100644
+--- a/addressbook/libedata-book/e-book-backend-sqlitedb.c
++++ b/addressbook/libedata-book/e-book-backend-sqlitedb.c
+@@ -1269,6 +1269,67 @@ typedef enum {
+ 	MATCH_ENDS_WITH
+ } match_type;
+ 
++static gchar *
++convert_string_value (const gchar *value,
++                      match_type match)
++{
++	GString *str;
++	size_t len;
++	gchar c;
++	gboolean escape_modifier_needed = FALSE;
++	const gchar *escape_modifier = " ESCAPE '^'";
++
++	g_return_val_if_fail (value != NULL, NULL);
++
++	/* Just assume each character must be escaped. The result of this function
++	 * is discarded shortly after calling this function. Therefore it's
++	 * acceptable to possibly allocate twice the memory needed.
++	 */
++	len = strlen (value);
++	str = g_string_sized_new (2 * len + 4 + strlen (escape_modifier) - 1);
++	g_string_append_c (str, '\'');
++
++	switch (match) {
++	case MATCH_CONTAINS:
++	case MATCH_ENDS_WITH:
++		g_string_append_c (str, '%');
++		break;
++
++	case MATCH_BEGINS_WITH:
++	case MATCH_IS:
++		break;
++	}
++
++	while ((c = *value++)) {
++		if (c == '\'') {
++			g_string_append_c (str, '\'');
++		} else if (c == '%' || c == '^') {
++			g_string_append_c (str, '^');
++			escape_modifier_needed = TRUE;
++		}
++
++		g_string_append_c (str, c);
++	}
++
++	switch (match) {
++	case MATCH_CONTAINS:
++	case MATCH_BEGINS_WITH:
++		g_string_append_c (str, '%');
++		break;
++
++	case MATCH_ENDS_WITH:
++	case MATCH_IS:
++		break;
++	}
++
++	g_string_append_c (str, '\'');
++
++	if (escape_modifier_needed)
++		g_string_append (str, escape_modifier);
++
++	return g_string_free (str, FALSE);
++}
++
+ static ESExpResult *
+ convert_match_exp (struct _ESExp *f,
+                    gint argc,
+@@ -1287,17 +1348,7 @@ convert_match_exp (struct _ESExp *f,
+ 		field = argv[0]->value.string;
+ 
+ 		if (argv[1]->type == ESEXP_RES_STRING && argv[1]->value.string[0] != 0) {
+-			gchar *value = NULL;
+-
+-			if (match == MATCH_CONTAINS) {
+-				value = g_strdup_printf ("'%%%s%%'", argv[1]->value.string);
+-			} else if (match == MATCH_ENDS_WITH) {
+-				value = g_strdup_printf ("'%%%s'", argv[1]->value.string);
+-			} else if (match == MATCH_BEGINS_WITH) {
+-				value = g_strdup_printf ("'%s%%'", argv[1]->value.string);
+-			} else if (match == MATCH_IS) {
+-				value = g_strdup_printf ("'%%%s%%'", argv[1]->value.string);
+-			}
++			gchar *value = convert_string_value (argv[1]->value.string, match);
+ 
+ 			if (!strcmp (field, "full_name")) {
+ 				gchar *full, *sur, *given, *nick;
+--
+cgit v0.9.0.2
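Review bot: The escaping loop in convert_string_value() covers `'`, `%` and `^` but leaves `_` untouched, and `_` is also a LIKE wildcard in SQLite (it matches any single character), so a search value containing an underscore still over-matches. Changing the branch to `} else if (c == '%' || c == '_' || c == '^') {` would escape it like the other pattern characters. Separately, MATCH_IS used to produce `'%value%'` and now produces the bare quoted value; the statement that consumes it is built further down in convert_match_exp(), outside this hunk, so if the change is intended it deserves a comment such as `/* MATCH_IS: no wildcards added, value must match as a whole */`. The quote doubling closes the injection through argv[1]->value.string, but the value is still spliced into SQL text. Binding it as a statement parameter would remove the reliance on hand-written escaping, though the visible lines do not show whether the query construction allows that.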

Modified: unstable/evolution-data-server/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-evolution/unstable/evolution-data-server/debian/patches/series?rev=2325&op=diff
==============================================================================
--- unstable/evolution-data-server/debian/patches/series (original)
+++ unstable/evolution-data-server/debian/patches/series Thu Feb  7 15:35:25 2013
@@ -1,3 +1,4 @@
 01_Save_also_UID_REV_in_WebDAV_backend.patch
 02-Check_email_value_in_e_destination_set_contact.patch
+03_EBookBackendSqliteDB_Escape_SQL_strings.patch
 20_gettext_intltool.patch



