]> git.evergreen-ils.org Git - Evergreen.git/commit
projects / Evergreen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4bd4977) | patch
LP#1098377: sanitize savepoint names
authorGalen Charlton <gmc@esilibrary.com>
Fri, 11 Jan 2013 07:30:50 +0000 (02:30 -0500)
committerBill Erickson <berick@esilibrary.com>
Wed, 16 Jan 2013 20:02:37 +0000 (15:02 -0500)
commit067ea0c73cf84bbedf4f6dc4de10a46b479d3b34
tree1c8728c3a77652b49e631a266dcce936e1361373tree
parent4bd4977ddd940b295da56b98ce6394010048bc01commit | diff
LP#1098377: sanitize savepoint names

When invoking open-ils.{cstore,pcrud,rstore}.savepoint.*, the
caller supplies a name for the savepoint.  However, the savepoint
names could be constructed so that the caller could execute
arbitrary SQL.  This patch sanitizes the name so that it contains
only alphanumeric and underscore characters.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Dan Scott <dscott@laurentian.ca>
Open-ILS/src/c-apps/oils_sql.c diff | blob | history
Evergreen ILS