git.evergreen-ils.org Git - working/Evergreen.git/commit
LP#1098377: sanitize savepoint names
author Galen Charlton <gmc@esilibrary.com>
Fri, 11 Jan 2013 07:30:50 +0000 (02:30 -0500)
committer Bill Erickson <berick@esilibrary.com>
Wed, 16 Jan 2013 20:00:53 +0000 (15:00 -0500)
commit ce9d5391b7b51af91a8827ebff555624bca809e4
tree 09db46f85cd9bcbf6b15095d39e8494a44f7f691
parent fb9a80bdf082963df053705a0af0bc7585be9979

When invoking open-ils.{cstore,pcrud,rstore}.savepoint.*, the
caller supplies a name for the savepoint.  However, the savepoint
names could be constructed so that the caller could execute
arbitrary SQL.  This patch sanitizes the name so that it contains
only alphanumeric and underscore characters.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Dan Scott <dscott@laurentian.ca>
Open-ILS/src/c-apps/oils_sql.c
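
The sanitization the commit message describes, as an added example that is not the Evergreen patch itself. It assumes disallowed characters are dropped and an empty result is rejected; `sanitize_savepoint_name`, `build_savepoint_sql` and `MAX_IDENT` are hypothetical names, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_IDENT 63  /* PostgreSQL truncates identifiers past NAMEDATALEN-1 bytes */

/* Hypothetical helper: keep only [A-Za-z0-9_] from a caller-supplied name.
 * Returns a malloc'd string, or NULL if nothing usable remains. */
char *sanitize_savepoint_name(const char *raw) {
    if (!raw) return NULL;
    char *clean = malloc(MAX_IDENT + 1);
    if (!clean) return NULL;
    size_t n = 0;
    for (const char *p = raw; *p && n < MAX_IDENT; p++) {
        unsigned char c = (unsigned char)*p;
        /* explicit ASCII ranges: isalnum() depends on the locale */
        if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
            (c >= '0' && c <= '9') || c == '_')
            clean[n++] = (char)c;
    }
    clean[n] = '\0';
    if (n == 0) { free(clean); return NULL; }
    return clean;
}

/* Build the statement from the sanitized name only. Returns the number of
 * bytes written, or -1 if the name is rejected or the buffer is too small. */
int build_savepoint_sql(char *out, size_t outlen, const char *raw) {
    char *name = sanitize_savepoint_name(raw);
    if (!name) return -1;
    int len = snprintf(out, outlen, "SAVEPOINT \"%s\";", name);
    free(name);
    return (len < 0 || (size_t)len >= outlen) ? -1 : len;
}

int main(void) {
    /* constructed inputs: plain name, name with SQL metacharacters, punctuation only */
    const char *samples[] = { "batch_42", "sp1\"; SELECT 1; --", "\";--" };
    char sql[128];
    for (size_t i = 0; i < 3; i++) {
        if (build_savepoint_sql(sql, sizeof sql, samples[i]) < 0)
            printf("rejected: %s\n", samples[i]);
        else
            printf("%s\n", sql);
    }
    return 0;
}
```

Because the quote and semicolon never reach the statement, the second input can only ever name a savepoint; it cannot close the identifier and append a second statement.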