Escape user input in mod_privacy_odbc (EJAB-1442)

2024-11-22 16:20:52 +01:00 · 2011-04-26 20:35:25 +02:00 · 2011-04-26 20:35:25 +02:00 · 3952888f94
commit 3952888f94
parent 9b145385af
1 changed files with 2 additions and 2 deletions
--- a/src/mod_privacy_odbc.erl
+++ b/src/mod_privacy_odbc.erl
@ -751,9 +751,9 @@ item_to_raw(#listitem{type = Type,
 	    none ->
 		{"n", ""};
 	    jid ->
-		{"j", jlib:jid_to_string(Value)};
+		{"j", ejabberd_odbc:escape(jlib:jid_to_string(Value))};
 	    group ->
-		{"g", Value};
+		{"g", ejabberd_odbc:escape(Value)};
 	    subscription ->
 		case Value of
 		    none ->