From 4646a5dbb8d9d371fcacacc790e932f4dc123f5c Mon Sep 17 00:00:00 2001 From: Evgeniy Khramtsov Date: Fri, 4 Jun 2010 13:31:34 +1000 Subject: [PATCH] fixes wrong SQL escaping when --enable-full-xml is set --- src/ejd2odbc.erl | 7 +++---- src/mod_muc/mod_muc_room.erl | 8 ++++---- src/mod_private_odbc.erl | 2 +- src/mod_vcard_odbc.erl | 2 +- src/odbc/ejabberd_odbc.erl | 4 +++- src/xml.erl | 4 ++++ 6 files changed, 16 insertions(+), 11 deletions(-) diff --git a/src/ejd2odbc.erl b/src/ejd2odbc.erl index 2bcbc9c41..6c7caf9b2 100644 --- a/src/ejd2odbc.erl +++ b/src/ejd2odbc.erl @@ -141,8 +141,7 @@ export_offline(Server, Output) -> TimeStamp))]}, XML = ejabberd_odbc:escape( - lists:flatten( - xml:element_to_string(NewPacket))), + xml:element_to_binary(NewPacket)), ["insert into spool(username, xml) " "values ('", Username, "', '", XML, @@ -176,7 +175,7 @@ export_vcard(Server, Output) -> when LServer == Host -> Username = ejabberd_odbc:escape(LUser), SVCARD = ejabberd_odbc:escape( - lists:flatten(xml:element_to_string(VCARD))), + xml:element_to_binary(VCARD)), ["delete from vcard where username='", Username, "';" "insert into vcard(username, vcard) " "values ('", Username, "', '", SVCARD, "');"]; @@ -260,7 +259,7 @@ export_private_storage(Server, Output) -> Username = ejabberd_odbc:escape(LUser), LXMLNS = ejabberd_odbc:escape(XMLNS), SData = ejabberd_odbc:escape( - lists:flatten(xml:element_to_string(Data))), + xml:element_to_binary(Data)), odbc_queries:set_private_data_sql(Username, LXMLNS, SData); (_Host, _R) -> [] diff --git a/src/mod_muc/mod_muc_room.erl b/src/mod_muc/mod_muc_room.erl index 98d88f21b..b20e4cabd 100644 --- a/src/mod_muc/mod_muc_room.erl +++ b/src/mod_muc/mod_muc_room.erl @@ -162,7 +162,7 @@ normal_state({route, From, "", trunc(gen_mod:get_module_opt( StateData#state.server_host, mod_muc, min_message_interval, 0) * 1000000), - Size = lists:flatlength(xml:element_to_string(Packet)), + Size = iolist_size(xml:element_to_string(Packet)), {MessageShaper, MessageShaperInterval} = shaper:update(Activity#activity.message_shaper, Size), if @@ -1406,7 +1406,7 @@ prepare_room_queue(StateData) -> {{value, {message, From}}, _RoomQueue} -> Activity = get_user_activity(From, StateData), Packet = Activity#activity.message, - Size = lists:flatlength(xml:element_to_string(Packet)), + Size = iolist_size(xml:element_to_string(Packet)), {RoomShaper, RoomShaperInterval} = shaper:update(StateData#state.room_shaper, Size), erlang:send_after( @@ -1417,7 +1417,7 @@ prepare_room_queue(StateData) -> {{value, {presence, From}}, _RoomQueue} -> Activity = get_user_activity(From, StateData), {_Nick, Packet} = Activity#activity.presence, - Size = lists:flatlength(xml:element_to_string(Packet)), + Size = iolist_size(xml:element_to_string(Packet)), {RoomShaper, RoomShaperInterval} = shaper:update(StateData#state.room_shaper, Size), erlang:send_after( @@ -2080,7 +2080,7 @@ add_message_to_history(FromNick, FromJID, Packet, StateData) -> jlib:jid_replace_resource(StateData#state.jid, FromNick), StateData#state.jid, TSPacket), - Size = lists:flatlength(xml:element_to_string(SPacket)), + Size = iolist_size(xml:element_to_string(SPacket)), Q1 = lqueue_in({FromNick, TSPacket, HaveSubject, TimeStamp, Size}, StateData#state.history), add_to_log(text, {FromNick, Packet}, StateData), diff --git a/src/mod_private_odbc.erl b/src/mod_private_odbc.erl index f0e4dbfd1..13e6683b4 100644 --- a/src/mod_private_odbc.erl +++ b/src/mod_private_odbc.erl @@ -92,7 +92,7 @@ set_data(LUser, LServer, El) -> Username = ejabberd_odbc:escape(LUser), LXMLNS = ejabberd_odbc:escape(XMLNS), SData = ejabberd_odbc:escape( - lists:flatten(xml:element_to_string(El))), + xml:element_to_binary(El)), odbc_queries:set_private_data(LServer, Username, LXMLNS, SData) end; _ -> diff --git a/src/mod_vcard_odbc.erl b/src/mod_vcard_odbc.erl index aa35bd4be..701babb40 100644 --- a/src/mod_vcard_odbc.erl +++ b/src/mod_vcard_odbc.erl @@ -216,7 +216,7 @@ set_vcard(User, LServer, VCARD) -> Username = ejabberd_odbc:escape(User), LUsername = ejabberd_odbc:escape(LUser), SVCARD = ejabberd_odbc:escape( - lists:flatten(xml:element_to_string(VCARD))), + xml:element_to_binary(VCARD)), SFN = ejabberd_odbc:escape(FN), SLFN = ejabberd_odbc:escape(LFN), diff --git a/src/odbc/ejabberd_odbc.erl b/src/odbc/ejabberd_odbc.erl index da18e0e1c..390cc44a6 100644 --- a/src/odbc/ejabberd_odbc.erl +++ b/src/odbc/ejabberd_odbc.erl @@ -148,7 +148,9 @@ sql_query_t(Query) -> %% Escape character that will confuse an SQL engine escape(S) when is_list(S) -> - [odbc_queries:escape(C) || C <- S]. + [odbc_queries:escape(C) || C <- S]; +escape(S) when is_binary(S) -> + escape(binary_to_list(S)). %% Escape character that will confuse an SQL engine %% Percent and underscore only need to be escaped for pattern matching like diff --git a/src/xml.erl b/src/xml.erl index 96d0b2189..9a9a7f833 100644 --- a/src/xml.erl +++ b/src/xml.erl @@ -28,6 +28,7 @@ -author('alexey@process-one.net'). -export([element_to_string/1, + element_to_binary/1, crypt/1, make_text_node/1, remove_cdata/1, get_cdata/1, get_tag_cdata/1, @@ -47,6 +48,9 @@ -define(ESCAPE_BINARY(CData), crypt(CData)). -endif. +element_to_binary(El) -> + iolist_to_binary(element_to_string(El)). + element_to_string(El) -> case catch element_to_string_nocatch(El) of {'EXIT', Reason} ->