git.evergreen-ils.org Git - Evergreen.git/commit
LP#1098377: sanitize savepoint names
author Galen Charlton <gmc@esilibrary.com>
Fri, 11 Jan 2013 07:30:50 +0000 (02:30 -0500)
committer Dan Scott <dscott@laurentian.ca>
Wed, 16 Jan 2013 20:20:44 +0000 (15:20 -0500)
commit 6ec9a532d2e5d7dbb89089f456e4455bfa92f2ed
tree 30c6ea13a7463692866370cd3591f8c4f48589d2
parent 675266c42dbada9cbc3054a46ea30a17e7560d2e

When invoking open-ils.{cstore,pcrud,rstore}.savepoint.*, the
caller supplies a name for the savepoint.  However, the savepoint
names could be constructed so that the caller could execute
arbitrary SQL.  This patch sanitizes the name so that it contains
only alphanumeric and underscore characters.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Dan Scott <dscott@laurentian.ca>
Conflicts:
Open-ILS/src/c-apps/oils_sql.c
Open-ILS/src/c-apps/oils_sql.c
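
The sanitization the commit message describes, sketched as an added example; this is not the code from oils_sql.c. The function names, the quoted `SAVEPOINT "..."` statement shape and the 63-byte cap (PostgreSQL's default identifier limit) are assumptions, and the sample names are constructed.

```c
#include <stdio.h>
#include <string.h>

#define SP_NAME_MAX 63  /* assumption: PostgreSQL's default identifier limit */

/* ASCII-only test; isalnum() is avoided because it is locale-dependent. */
static int sp_char_ok(char c) {
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '_';
}

/* Copy only [A-Za-z0-9_] from in to out; returns the sanitized length. */
size_t sanitize_savepoint_name(const char *in, char *out, size_t outsz) {
    size_t n = 0;
    if (!out || outsz == 0) return 0;
    for (; in && *in && n + 1 < outsz; in++)
        if (sp_char_ok(*in)) out[n++] = *in;
    out[n] = '\0';
    return n;
}

/* Build the SAVEPOINT statement from a caller-supplied name.
 * Returns 0 on success, -1 if no usable characters remain or sql is too small. */
int build_savepoint_sql(const char *caller_name, char *sql, size_t sqlsz) {
    char safe[SP_NAME_MAX + 1];
    if (sanitize_savepoint_name(caller_name, safe, sizeof safe) == 0)
        return -1;  /* never emit SAVEPOINT with an empty identifier */
    int w = snprintf(sql, sqlsz, "SAVEPOINT \"%s\";", safe);
    return (w < 0 || (size_t)w >= sqlsz) ? -1 : 0;
}

int main(void) {
    /* Constructed inputs: an ordinary name and two carrying SQL metacharacters. */
    const char *samples[] = { "before_update_1", "sp\"; SELECT 1; --", "\";--" };
    char sql[128];
    for (size_t i = 0; i < 3; i++) {
        if (build_savepoint_sql(samples[i], sql, sizeof sql) == 0)
            printf("%-20s -> %s\n", samples[i], sql);
        else
            printf("%-20s -> rejected\n", samples[i]);
    }
    return 0;
}
```

Because characters are stripped rather than rejected, two different caller-supplied names can collapse to the same savepoint; the matching release and rollback calls need the same sanitization so they refer to the same identifier.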