]> git.evergreen-ils.org Git - Evergreen.git/commit
projects / Evergreen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a8db04c) | patch
LP#1098377: sanitize savepoint names
authorGalen Charlton <gmc@esilibrary.com>
Fri, 11 Jan 2013 07:30:50 +0000 (02:30 -0500)
committerBill Erickson <berick@esilibrary.com>
Wed, 16 Jan 2013 20:04:55 +0000 (15:04 -0500)
commitc94c559a17322a464cd6f9096942ec0a8585f65c
treeca17ec6a74061933b6b94d8cdb423af28c0adf31tree
parenta8db04ccf3ca77d19ff1302b2661a3a2796360a7commit | diff
LP#1098377: sanitize savepoint names

When invoking open-ils.{cstore,pcrud,rstore}.savepoint.*, the
caller supplies a name for the savepoint.  However, the savepoint
names could be constructed so that the caller could execute
arbitrary SQL.  This patch sanitizes the name so that it contains
only alphanumeric and underscore characters.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Dan Scott <dscott@laurentian.ca>
Conflicts:
Open-ILS/src/c-apps/oils_sql.c
Open-ILS/src/c-apps/oils_sql.c diff | blob | history
Evergreen ILS