fixes wrong SQL escaping when --enable-full-xml is set

2024-12-22 17:28:25 +01:00 · 2010-06-04 13:31:34 +10:00 · 2010-06-04 13:31:34 +10:00 · 4646a5dbb8
commit 4646a5dbb8
parent 1567592ac7
6 changed files with 16 additions and 11 deletions
--- a/src/ejd2odbc.erl
+++ b/src/ejd2odbc.erl
@ -141,8 +141,7 @@ export_offline(Server, Output) ->
 				TimeStamp))]},
 	      XML =
 		  ejabberd_odbc:escape(
-		    lists:flatten(
-		      xml:element_to_string(NewPacket))),
+		    xml:element_to_binary(NewPacket)),
 	      ["insert into spool(username, xml) "
 	       "values ('", Username, "', '",
 	       XML,
@ -176,7 +175,7 @@ export_vcard(Server, Output) ->
 	 when LServer == Host ->
 	      Username = ejabberd_odbc:escape(LUser),
 	      SVCARD = ejabberd_odbc:escape(
-			 lists:flatten(xml:element_to_string(VCARD))),
+			 xml:element_to_binary(VCARD)),
 	      ["delete from vcard where username='", Username, "';"
 	       "insert into vcard(username, vcard) "
 	       "values ('", Username, "', '", SVCARD, "');"];
@ -260,7 +259,7 @@ export_private_storage(Server, Output) ->
 	      Username = ejabberd_odbc:escape(LUser),
      	      LXMLNS = ejabberd_odbc:escape(XMLNS),
 	      SData = ejabberd_odbc:escape(
-			lists:flatten(xml:element_to_string(Data))),
+			xml:element_to_binary(Data)),
      	      odbc_queries:set_private_data_sql(Username, LXMLNS, SData);
 	 (_Host, _R) ->
      	      []
--- a/src/mod_muc/mod_muc_room.erl
+++ b/src/mod_muc/mod_muc_room.erl
@ -162,7 +162,7 @@ normal_state({route, From, "",
 			trunc(gen_mod:get_module_opt(
 				StateData#state.server_host,
 				mod_muc, min_message_interval, 0) * 1000000),
-		    Size = lists:flatlength(xml:element_to_string(Packet)),
+		    Size = iolist_size(xml:element_to_string(Packet)),
 		    {MessageShaper, MessageShaperInterval} =
 			shaper:update(Activity#activity.message_shaper, Size),
 		    if
@ -1406,7 +1406,7 @@ prepare_room_queue(StateData) ->
 	{{value, {message, From}}, _RoomQueue} ->
 	    Activity = get_user_activity(From, StateData),
 	    Packet = Activity#activity.message,
-	    Size = lists:flatlength(xml:element_to_string(Packet)),
+	    Size = iolist_size(xml:element_to_string(Packet)),
 	    {RoomShaper, RoomShaperInterval} =
 		shaper:update(StateData#state.room_shaper, Size),
 	    erlang:send_after(
@ -1417,7 +1417,7 @@ prepare_room_queue(StateData) ->
 	{{value, {presence, From}}, _RoomQueue} ->
 	    Activity = get_user_activity(From, StateData),
 	    {_Nick, Packet} = Activity#activity.presence,
-	    Size = lists:flatlength(xml:element_to_string(Packet)),
+	    Size = iolist_size(xml:element_to_string(Packet)),
 	    {RoomShaper, RoomShaperInterval} =
 		shaper:update(StateData#state.room_shaper, Size),
 	    erlang:send_after(
@ -2080,7 +2080,7 @@ add_message_to_history(FromNick, FromJID, Packet, StateData) ->
 		jlib:jid_replace_resource(StateData#state.jid, FromNick),
 		StateData#state.jid,
 		TSPacket),
-    Size = lists:flatlength(xml:element_to_string(SPacket)),
+    Size = iolist_size(xml:element_to_string(SPacket)),
    Q1 = lqueue_in({FromNick, TSPacket, HaveSubject, TimeStamp, Size},
 		   StateData#state.history),
    add_to_log(text, {FromNick, Packet}, StateData),
--- a/src/mod_private_odbc.erl
+++ b/src/mod_private_odbc.erl
@ -92,7 +92,7 @@ set_data(LUser, LServer, El) ->
 		    Username = ejabberd_odbc:escape(LUser),
 		    LXMLNS = ejabberd_odbc:escape(XMLNS),
 		    SData = ejabberd_odbc:escape(
-			       lists:flatten(xml:element_to_string(El))),
+			      xml:element_to_binary(El)),
 			odbc_queries:set_private_data(LServer, Username, LXMLNS, SData)
 	    end;
 	_ ->
--- a/src/mod_vcard_odbc.erl
+++ b/src/mod_vcard_odbc.erl
@ -216,7 +216,7 @@ set_vcard(User, LServer, VCARD) ->
 	    Username = ejabberd_odbc:escape(User),
 	    LUsername = ejabberd_odbc:escape(LUser),
 	    SVCARD = ejabberd_odbc:escape(
-		       lists:flatten(xml:element_to_string(VCARD))),
+		       xml:element_to_binary(VCARD)),

 	    SFN = ejabberd_odbc:escape(FN),
 	    SLFN = ejabberd_odbc:escape(LFN),
--- a/src/odbc/ejabberd_odbc.erl
+++ b/src/odbc/ejabberd_odbc.erl
@ -148,7 +148,9 @@ sql_query_t(Query) ->

 %% Escape character that will confuse an SQL engine
 escape(S) when is_list(S) ->
-    [odbc_queries:escape(C) || C <- S].
+    [odbc_queries:escape(C) || C <- S];
+escape(S) when is_binary(S) ->
+    escape(binary_to_list(S)).

 %% Escape character that will confuse an SQL engine
 %% Percent and underscore only need to be escaped for pattern matching like
--- a/src/xml.erl
+++ b/src/xml.erl
@ -28,6 +28,7 @@
 -author('alexey@process-one.net').

 -export([element_to_string/1,
+	 element_to_binary/1,
 	 crypt/1, make_text_node/1,
 	 remove_cdata/1,
 	 get_cdata/1, get_tag_cdata/1,
@ -47,6 +48,9 @@
 -define(ESCAPE_BINARY(CData), crypt(CData)).
 -endif.

+element_to_binary(El) ->
+    iolist_to_binary(element_to_string(El)).
+
 element_to_string(El) ->
    case catch element_to_string_nocatch(El) of
 	{'EXIT', Reason} ->