mirror of
https://github.com/processone/ejabberd.git
synced 2024-12-22 17:28:25 +01:00
fixes wrong SQL escaping when --enable-full-xml is set
This commit is contained in:
parent
1567592ac7
commit
4646a5dbb8
@ -141,8 +141,7 @@ export_offline(Server, Output) ->
|
||||
TimeStamp))]},
|
||||
XML =
|
||||
ejabberd_odbc:escape(
|
||||
lists:flatten(
|
||||
xml:element_to_string(NewPacket))),
|
||||
xml:element_to_binary(NewPacket)),
|
||||
["insert into spool(username, xml) "
|
||||
"values ('", Username, "', '",
|
||||
XML,
|
||||
@ -176,7 +175,7 @@ export_vcard(Server, Output) ->
|
||||
when LServer == Host ->
|
||||
Username = ejabberd_odbc:escape(LUser),
|
||||
SVCARD = ejabberd_odbc:escape(
|
||||
lists:flatten(xml:element_to_string(VCARD))),
|
||||
xml:element_to_binary(VCARD)),
|
||||
["delete from vcard where username='", Username, "';"
|
||||
"insert into vcard(username, vcard) "
|
||||
"values ('", Username, "', '", SVCARD, "');"];
|
||||
@ -260,7 +259,7 @@ export_private_storage(Server, Output) ->
|
||||
Username = ejabberd_odbc:escape(LUser),
|
||||
LXMLNS = ejabberd_odbc:escape(XMLNS),
|
||||
SData = ejabberd_odbc:escape(
|
||||
lists:flatten(xml:element_to_string(Data))),
|
||||
xml:element_to_binary(Data)),
|
||||
odbc_queries:set_private_data_sql(Username, LXMLNS, SData);
|
||||
(_Host, _R) ->
|
||||
[]
|
||||
|
@ -162,7 +162,7 @@ normal_state({route, From, "",
|
||||
trunc(gen_mod:get_module_opt(
|
||||
StateData#state.server_host,
|
||||
mod_muc, min_message_interval, 0) * 1000000),
|
||||
Size = lists:flatlength(xml:element_to_string(Packet)),
|
||||
Size = iolist_size(xml:element_to_string(Packet)),
|
||||
{MessageShaper, MessageShaperInterval} =
|
||||
shaper:update(Activity#activity.message_shaper, Size),
|
||||
if
|
||||
@ -1406,7 +1406,7 @@ prepare_room_queue(StateData) ->
|
||||
{{value, {message, From}}, _RoomQueue} ->
|
||||
Activity = get_user_activity(From, StateData),
|
||||
Packet = Activity#activity.message,
|
||||
Size = lists:flatlength(xml:element_to_string(Packet)),
|
||||
Size = iolist_size(xml:element_to_string(Packet)),
|
||||
{RoomShaper, RoomShaperInterval} =
|
||||
shaper:update(StateData#state.room_shaper, Size),
|
||||
erlang:send_after(
|
||||
@ -1417,7 +1417,7 @@ prepare_room_queue(StateData) ->
|
||||
{{value, {presence, From}}, _RoomQueue} ->
|
||||
Activity = get_user_activity(From, StateData),
|
||||
{_Nick, Packet} = Activity#activity.presence,
|
||||
Size = lists:flatlength(xml:element_to_string(Packet)),
|
||||
Size = iolist_size(xml:element_to_string(Packet)),
|
||||
{RoomShaper, RoomShaperInterval} =
|
||||
shaper:update(StateData#state.room_shaper, Size),
|
||||
erlang:send_after(
|
||||
@ -2080,7 +2080,7 @@ add_message_to_history(FromNick, FromJID, Packet, StateData) ->
|
||||
jlib:jid_replace_resource(StateData#state.jid, FromNick),
|
||||
StateData#state.jid,
|
||||
TSPacket),
|
||||
Size = lists:flatlength(xml:element_to_string(SPacket)),
|
||||
Size = iolist_size(xml:element_to_string(SPacket)),
|
||||
Q1 = lqueue_in({FromNick, TSPacket, HaveSubject, TimeStamp, Size},
|
||||
StateData#state.history),
|
||||
add_to_log(text, {FromNick, Packet}, StateData),
|
||||
|
@ -92,7 +92,7 @@ set_data(LUser, LServer, El) ->
|
||||
Username = ejabberd_odbc:escape(LUser),
|
||||
LXMLNS = ejabberd_odbc:escape(XMLNS),
|
||||
SData = ejabberd_odbc:escape(
|
||||
lists:flatten(xml:element_to_string(El))),
|
||||
xml:element_to_binary(El)),
|
||||
odbc_queries:set_private_data(LServer, Username, LXMLNS, SData)
|
||||
end;
|
||||
_ ->
|
||||
|
@ -216,7 +216,7 @@ set_vcard(User, LServer, VCARD) ->
|
||||
Username = ejabberd_odbc:escape(User),
|
||||
LUsername = ejabberd_odbc:escape(LUser),
|
||||
SVCARD = ejabberd_odbc:escape(
|
||||
lists:flatten(xml:element_to_string(VCARD))),
|
||||
xml:element_to_binary(VCARD)),
|
||||
|
||||
SFN = ejabberd_odbc:escape(FN),
|
||||
SLFN = ejabberd_odbc:escape(LFN),
|
||||
|
@ -148,7 +148,9 @@ sql_query_t(Query) ->
|
||||
|
||||
%% Escape character that will confuse an SQL engine
|
||||
escape(S) when is_list(S) ->
|
||||
[odbc_queries:escape(C) || C <- S].
|
||||
[odbc_queries:escape(C) || C <- S];
|
||||
escape(S) when is_binary(S) ->
|
||||
escape(binary_to_list(S)).
|
||||
|
||||
%% Escape character that will confuse an SQL engine
|
||||
%% Percent and underscore only need to be escaped for pattern matching like
|
||||
|
@ -28,6 +28,7 @@
|
||||
-author('alexey@process-one.net').
|
||||
|
||||
-export([element_to_string/1,
|
||||
element_to_binary/1,
|
||||
crypt/1, make_text_node/1,
|
||||
remove_cdata/1,
|
||||
get_cdata/1, get_tag_cdata/1,
|
||||
@ -47,6 +48,9 @@
|
||||
-define(ESCAPE_BINARY(CData), crypt(CData)).
|
||||
-endif.
|
||||
|
||||
element_to_binary(El) ->
|
||||
iolist_to_binary(element_to_string(El)).
|
||||
|
||||
element_to_string(El) ->
|
||||
case catch element_to_string_nocatch(El) of
|
||||
{'EXIT', Reason} ->
|
||||
|
Loading…
Reference in New Issue
Block a user