fixes wrong SQL escaping when --enable-full-xml is set
parent
1567592ac7
commit
4646a5dbb8
@ -141,8 +141,7 @@ export_offline(Server, Output) ->
|
|||||||
TimeStamp))]},
|
TimeStamp))]},
|
||||||
XML =
|
XML =
|
||||||
ejabberd_odbc:escape(
|
ejabberd_odbc:escape(
|
||||||
lists:flatten(
|
xml:element_to_binary(NewPacket)),
|
||||||
xml:element_to_string(NewPacket))),
|
|
||||||
["insert into spool(username, xml) "
|
["insert into spool(username, xml) "
|
||||||
"values ('", Username, "', '",
|
"values ('", Username, "', '",
|
||||||
XML,
|
XML,
|
||||||
@ -176,7 +175,7 @@ export_vcard(Server, Output) ->
|
|||||||
when LServer == Host ->
|
when LServer == Host ->
|
||||||
Username = ejabberd_odbc:escape(LUser),
|
Username = ejabberd_odbc:escape(LUser),
|
||||||
SVCARD = ejabberd_odbc:escape(
|
SVCARD = ejabberd_odbc:escape(
|
||||||
lists:flatten(xml:element_to_string(VCARD))),
|
xml:element_to_binary(VCARD)),
|
||||||
["delete from vcard where username='", Username, "';"
|
["delete from vcard where username='", Username, "';"
|
||||||
"insert into vcard(username, vcard) "
|
"insert into vcard(username, vcard) "
|
||||||
"values ('", Username, "', '", SVCARD, "');"];
|
"values ('", Username, "', '", SVCARD, "');"];
|
||||||
@ -260,7 +259,7 @@ export_private_storage(Server, Output) ->
|
|||||||
Username = ejabberd_odbc:escape(LUser),
|
Username = ejabberd_odbc:escape(LUser),
|
||||||
LXMLNS = ejabberd_odbc:escape(XMLNS),
|
LXMLNS = ejabberd_odbc:escape(XMLNS),
|
||||||
SData = ejabberd_odbc:escape(
|
SData = ejabberd_odbc:escape(
|
||||||
lists:flatten(xml:element_to_string(Data))),
|
xml:element_to_binary(Data)),
|
||||||
odbc_queries:set_private_data_sql(Username, LXMLNS, SData);
|
odbc_queries:set_private_data_sql(Username, LXMLNS, SData);
|
||||||
(_Host, _R) ->
|
(_Host, _R) ->
|
||||||
[]
|
[]
|
||||||
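Review bot: In the export_offline hunk `Username` is spliced between single quotes in the `insert into spool` statement, but the line that assigns it lies outside the hunk, so its escaping cannot be confirmed from here. The export_vcard and export_private_storage hunks do show `Username = ejabberd_odbc:escape(LUser)`. Because these statements are assembled by concatenation, every interpolated value must be escape/1 output; a comment above the query such as `%% Username and XML are ejabberd_odbc:escape/1 output; both are spliced into quoted SQL literals below` would make that requirement visible. All three functions begin and end outside their hunks.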
|
@ -162,7 +162,7 @@ normal_state({route, From, "",
|
|||||||
trunc(gen_mod:get_module_opt(
|
trunc(gen_mod:get_module_opt(
|
||||||
StateData#state.server_host,
|
StateData#state.server_host,
|
||||||
mod_muc, min_message_interval, 0) * 1000000),
|
mod_muc, min_message_interval, 0) * 1000000),
|
||||||
Size = lists:flatlength(xml:element_to_string(Packet)),
|
Size = iolist_size(xml:element_to_string(Packet)),
|
||||||
{MessageShaper, MessageShaperInterval} =
|
{MessageShaper, MessageShaperInterval} =
|
||||||
shaper:update(Activity#activity.message_shaper, Size),
|
shaper:update(Activity#activity.message_shaper, Size),
|
||||||
if
|
if
|
||||||
@ -1406,7 +1406,7 @@ prepare_room_queue(StateData) ->
|
|||||||
{{value, {message, From}}, _RoomQueue} ->
|
{{value, {message, From}}, _RoomQueue} ->
|
||||||
Activity = get_user_activity(From, StateData),
|
Activity = get_user_activity(From, StateData),
|
||||||
Packet = Activity#activity.message,
|
Packet = Activity#activity.message,
|
||||||
Size = lists:flatlength(xml:element_to_string(Packet)),
|
Size = iolist_size(xml:element_to_string(Packet)),
|
||||||
{RoomShaper, RoomShaperInterval} =
|
{RoomShaper, RoomShaperInterval} =
|
||||||
shaper:update(StateData#state.room_shaper, Size),
|
shaper:update(StateData#state.room_shaper, Size),
|
||||||
erlang:send_after(
|
erlang:send_after(
|
||||||
@ -1417,7 +1417,7 @@ prepare_room_queue(StateData) ->
|
|||||||
{{value, {presence, From}}, _RoomQueue} ->
|
{{value, {presence, From}}, _RoomQueue} ->
|
||||||
Activity = get_user_activity(From, StateData),
|
Activity = get_user_activity(From, StateData),
|
||||||
{_Nick, Packet} = Activity#activity.presence,
|
{_Nick, Packet} = Activity#activity.presence,
|
||||||
Size = lists:flatlength(xml:element_to_string(Packet)),
|
Size = iolist_size(xml:element_to_string(Packet)),
|
||||||
{RoomShaper, RoomShaperInterval} =
|
{RoomShaper, RoomShaperInterval} =
|
||||||
shaper:update(StateData#state.room_shaper, Size),
|
shaper:update(StateData#state.room_shaper, Size),
|
||||||
erlang:send_after(
|
erlang:send_after(
|
||||||
@ -2080,7 +2080,7 @@ add_message_to_history(FromNick, FromJID, Packet, StateData) ->
|
|||||||
jlib:jid_replace_resource(StateData#state.jid, FromNick),
|
jlib:jid_replace_resource(StateData#state.jid, FromNick),
|
||||||
StateData#state.jid,
|
StateData#state.jid,
|
||||||
TSPacket),
|
TSPacket),
|
||||||
Size = lists:flatlength(xml:element_to_string(SPacket)),
|
Size = iolist_size(xml:element_to_string(SPacket)),
|
||||||
Q1 = lqueue_in({FromNick, TSPacket, HaveSubject, TimeStamp, Size},
|
Q1 = lqueue_in({FromNick, TSPacket, HaveSubject, TimeStamp, Size},
|
||||||
StateData#state.history),
|
StateData#state.history),
|
||||||
add_to_log(text, {FromNick, Packet}, StateData),
|
add_to_log(text, {FromNick, Packet}, StateData),
|
||||||
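Review bot: The expression `iolist_size(xml:element_to_string(...))` is now repeated at four call sites (normal_state, twice in prepare_room_queue, and add_message_to_history). Three of them feed `shaper:update/2`, so a single site drifting back to a list-length count would quietly weaken rate limiting. A small private helper, `stanza_size(Packet) -> iolist_size(xml:element_to_string(Packet)).`, would keep the measurement in one place. The enclosing functions extend beyond these hunks.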
|
@ -92,7 +92,7 @@ set_data(LUser, LServer, El) ->
|
|||||||
Username = ejabberd_odbc:escape(LUser),
|
Username = ejabberd_odbc:escape(LUser),
|
||||||
LXMLNS = ejabberd_odbc:escape(XMLNS),
|
LXMLNS = ejabberd_odbc:escape(XMLNS),
|
||||||
SData = ejabberd_odbc:escape(
|
SData = ejabberd_odbc:escape(
|
||||||
lists:flatten(xml:element_to_string(El))),
|
xml:element_to_binary(El)),
|
||||||
odbc_queries:set_private_data(LServer, Username, LXMLNS, SData)
|
odbc_queries:set_private_data(LServer, Username, LXMLNS, SData)
|
||||||
end;
|
end;
|
||||||
_ ->
|
_ ->
|
||||||
|
@ -216,7 +216,7 @@ set_vcard(User, LServer, VCARD) ->
|
|||||||
Username = ejabberd_odbc:escape(User),
|
Username = ejabberd_odbc:escape(User),
|
||||||
LUsername = ejabberd_odbc:escape(LUser),
|
LUsername = ejabberd_odbc:escape(LUser),
|
||||||
SVCARD = ejabberd_odbc:escape(
|
SVCARD = ejabberd_odbc:escape(
|
||||||
lists:flatten(xml:element_to_string(VCARD))),
|
xml:element_to_binary(VCARD)),
|
||||||
|
|
||||||
SFN = ejabberd_odbc:escape(FN),
|
SFN = ejabberd_odbc:escape(FN),
|
||||||
SLFN = ejabberd_odbc:escape(LFN),
|
SLFN = ejabberd_odbc:escape(LFN),
|
||||||
|
@ -148,7 +148,9 @@ sql_query_t(Query) ->
|
|||||||
|
|
||||||
%% Escape character that will confuse an SQL engine
|
%% Escape character that will confuse an SQL engine
|
||||||
escape(S) when is_list(S) ->
|
escape(S) when is_list(S) ->
|
||||||
[odbc_queries:escape(C) || C <- S].
|
[odbc_queries:escape(C) || C <- S];
|
||||||
|
escape(S) when is_binary(S) ->
|
||||||
|
escape(binary_to_list(S)).
|
||||||
|
|
||||||
%% Escape character that will confuse an SQL engine
|
%% Escape character that will confuse an SQL engine
|
||||||
%% Percent and underscore only need to be escaped for pattern matching like
|
%% Percent and underscore only need to be escaped for pattern matching like
|
||||||
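Review bot: escape/1 still has no defined behaviour for a deep iolist: the list clause iterates only the top level, so a nested list or an embedded binary is handed to `odbc_queries:escape/1` as a single element, and how that function treats a non-integer is not visible here. The new binary clause helps only the callers this commit switched to `xml:element_to_binary/1`, so any remaining `escape(lists:flatten(xml:element_to_string(...)))` call elsewhere would keep the old behaviour. I would state the contract above the function, e.g. `%% S must be a flat string or a binary; convert iolists with xml:element_to_binary/1 before escaping`, and search the tree for leftover callers.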
|
@ -28,6 +28,7 @@
|
|||||||
-author('alexey@process-one.net').
|
-author('alexey@process-one.net').
|
||||||
|
|
||||||
-export([element_to_string/1,
|
-export([element_to_string/1,
|
||||||
|
element_to_binary/1,
|
||||||
crypt/1, make_text_node/1,
|
crypt/1, make_text_node/1,
|
||||||
remove_cdata/1,
|
remove_cdata/1,
|
||||||
get_cdata/1, get_tag_cdata/1,
|
get_cdata/1, get_tag_cdata/1,
|
||||||
@ -47,6 +48,9 @@
|
|||||||
-define(ESCAPE_BINARY(CData), crypt(CData)).
|
-define(ESCAPE_BINARY(CData), crypt(CData)).
|
||||||
-endif.
|
-endif.
|
||||||
|
|
||||||
|
element_to_binary(El) ->
|
||||||
|
iolist_to_binary(element_to_string(El)).
|
||||||
|
|
||||||
element_to_string(El) ->
|
element_to_string(El) ->
|
||||||
case catch element_to_string_nocatch(El) of
|
case catch element_to_string_nocatch(El) of
|
||||||
{'EXIT', Reason} ->
|
{'EXIT', Reason} ->
|
||||||
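Review bot: element_to_binary/1 passes whatever element_to_string/1 returns straight to `iolist_to_binary/1`, and element_to_string/1 has an `{'EXIT', Reason}` branch whose result lies outside the hunk. If that branch returns something that is not iodata, the new function fails with badarg inside the SQL-building callers; if it returns an empty or partial string, a truncated stanza would be stored without any error reaching the caller, so it is worth confirming which applies. The new export also has no comment; `%% Serialize El to one flat binary, suitable as input to ejabberd_odbc:escape/1` above the definition would document its purpose.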
|